Accounts DDP logs out when page is refreshed

I have two meteor apps. First one is the backend and the second one is the web/ios app. I want my ios app to use the backend app’s Mongo instead of its own. To make it work I created a DDP connection and set it as Accounts.connection. Now, register and login seems work fine but when I refresh the page Meteor server logs me out with the following error.

Error logging in with token: Error: You’ve been logged out by the server. Please log in again.

I created a repo to demonstrate the issue I have. Here you can find the repo and check the code.

Here is screencast of the issue.

Any help would be appreciated.

If I put a breakpoint into accounts-base.js:158 and set __meteor_runtime_config__.ACCOUNTS_CONNECTION_URL to my DDP url it works fine.

Any ideas?

I faced the same problem not long ago. And here is my solution (based on information from this forum).
Maybe some meteor gurus can show better way to do this.

Meteor.startup(function () {
DDPConnection = DDP.connect('<backend server>');

Meteor.connection = DDPConnection;
Accounts.connection = Meteor.connection;
Meteor.users = new Meteor.Collection('users', {connection: DDPConnection});
Meteor.connection.subscribe('users');

Tracker.autorun(function () {
  var token = Session.get('_storedLoginToken');
  if(token)
    Meteor.loginWithToken(token, function(err){
      if(!err) console.log('loginWithToken ',token);
      if(err) {
          // Using for displaying login errors in app
          Session.set('ddpErrors', err);
      }
    });
});

Tracker.autorun(function(){
  var user = Meteor.user();
  console.log('autorun.user');
  if(user)
  {
    // using u2622:persistent-session
    Session.setPersistent('_storedLoginToken', Accounts._storedLoginToken());
  }
});

Some comments:

  1. i’m not redefining methods ([ ‘subscribe’, ‘call’, ‘apply’, ‘methods’, ‘status’, ‘reconnect’, ‘disconnect’, ‘onReconnect’ ])
  2. i’m using u2622:persistent-session to store login token. You can use _localStorage, but for me u2622:persistent-session syntax is more clear.
  3. run cordova app as: meteor run --mobile-server

Cons: I tried meteor 1.2-rc.4, and this hack not work anymore. So if you need solution “here and now”, you can use this, otherwise just wait for 1.2 documentation.

Login event:

Template.mainLayout.events({
'click .login-button': function (e, t) {
    e.preventDefault();

    var email = t.find('.login-email').value,
        password = t.find('.login-password').value;

    Meteor.loginWithPassword(email, password, function (e) {
        if (e) {
            console.log(e);
            // Using for displaying login errors in app
            Session.set('ddpErrors', e);
        }
        if (Meteor.user()) {
            console.log(Meteor.user());
        }
        return;
    });

    return false;
}
});

It seems its working but actually it logs out you and you log in the user again. See the gif below.

http://g.recordit.co/U2xlsqDl3i.gif

This could be usable as a workaround for sure, thanks for sharing it.

Yes, i know about it. But it is the best (working one) workaround i found, after hours of debugging and googling “Error logging in with token: Error: You’ve been logged out by the server. Please log in again. [403]”.
App is working (finally!), and i’m waiting now for meteor 1.2, cause afaik there will be many changes in cordova part and cross-app ddp part.
Again, if any of meteor guru can tell how to do it right, it would be great.

In meteor 1.2 accounts internals changed, so

Meteor.users = new Meteor.Collection('users', {
    connection: DDPConnection
});

not working anymore.
Instead you can use

Account.users = new Meteor.Collection('users', {
    connection: DDPConnection
});

Still a hack, but no other ways to do this now.
See https://github.com/meteor/meteor/issues/5103

@chipjuggler, @fatihacet this solution does’n work for me. Did you finally find any working solution?

Have you changed code for meteor 1.2? (my prev. message).

@chipjuggler yes, I change it from Meteor.users to Accounts.users and login is successfull. But after page refresh I receive message:

Error logging in with token: Error: You've been logged out by the server. Please log in again. [403]

and user is logged out.

I think it’s something with autorun. Can you show that part of code? There must be 2 autorun functions. One for saving token in session, and second for using token for login.

@chipjuggler thank you. I found the workaround here

But it is still just workaround

Nice!
There is advanced account api introduced in meteor 1.2: http://docs.meteor.com/#/full/advanced_accounts_api
But i still have no time to check it and to migrate one of my projects to it.

It will be great to have a working example of this new accounts api. I’ll try to test it.

The new accounts API does not allow logging into a remote connection just with a token. There still needs to be proper accounts client channels established.

My porpoise is to be able login from mobile application which connected to web application. And login with token is just workaround.

So, I still didn’t find good solution to login remotely and get userId. Any ideas?
I can successfully login, create new user, call any parent server method, but if I refresh the page I have to login again.
Looks like then I refresh page child app client try to check if user logged in on its own server instead of parent.

I am using meteor 1.4.2 and have used all answers listed here and still facing the same problem. please help if any one has a solution that works for 1.4.2. Read the new accounts API especially multiserver section, but an able to translate that into a workable solution.

Hi @nosizejosh
I finally decided to implement native iPhone app and make communication between meteor and application with REST API.

@achirkof. Thank you for replying. Please who has a solution to this. I’m I going about this wrongly? Meteor gurus help if you have a solution. Thanks. @serkandurusoy @chipjuggler @fatihacet @sacha @sashko

Essentially, the answer from @chipjuggler here is correct, not sure why it is not working anymore. When the page refreshes you need to log back in. You cannot keep logged in between page refreshes.

I answered a similar question here which relies more on the accounts package so you do not need to manage the _storedLoginToken yourself. And it works today. I am using it in 1.4.2.6.