Meteor.userId available on client event after clearing loginTokens on the server


#1

Hello! I was doing my auth depending on Meteor.userId() status on the client and then I noticed that Meteor.userId() is not reactive. If I run following mongo update on the server:

Meteor.users.update(
        {},
        { $set: { 'services.resume.loginTokens': [] } },
        { multi: true }
      );

Meteor.userId() would still be available on the client until page refresh… I would be gratefull for any suggestions how to solve this! Any better way to have a reactive value to watch for?

Thanks!


#2

What about Meteor.user()?


#3

Also available until page refresh


#4

Hmm, I just tried going into the db and removing the ‘resume’ field on my user, and I got logged out of my app right away!

Meteor.userId() returns undefined too.


#5

Hmmm O_o wonder what is going wrong on my side then


#6

Right, probably you have some routes authenticated, but my app is working so that you can only access it with login, so all child states are protected except for login… If I clear loginTokens all publications become unavailable, but client can still navigate through the app until page refresh. It means client cannot make any changes and can only see loaders everywhere but it doesnt look very professional ^^


#7

Hmm, are you saying you have server-side routes that somehow deny the connection unless you have a login token? Check Meteor.status().connected, maybe what’s happening is that the client loses the connection and thus never updates the user?


#8

@alekna

If all of your routes except login are login-restricted, you should consider wrapping your templates in a container that checks if the user is logged in and shows a default “Log in to continue” message if they aren’t logged in.

Just my two cents.