Occasionally users may delete all cookies or in self hosted situations (which do not have auth token set via env) junk redis.
When this happens behaviour is kind of odd.
It looks like you are logged in:
If you are browsing a secure topic, you only see placeholders:
Depending on the site you are on (requires login or not) you will start seeing lots of 302s or 403s
If we detect a user is somehow no longer logged in, we should open a modal saying “looks like you were logged out would you like to refresh” or something along those lines.
We can solve this very cleanly, by:
Adding a custom HTTP header:
DISCOURSE_LOGGED_IN: trueto all Ajax calls we make (based on what the client thinks.
Adding a custom HTTP header to responses from the server when there is a conflict between server and client state:
Then client can easily tell that it was logged out and raise the screen and if anyone anywhere has issues with status codes (due to live permission changes and the like) we will not confuse it with the “logged out” situation.