potiuk commented on code in PR #3398:
URL: https://github.com/apache/apisix-dashboard/pull/3398#discussion_r3350026891
##########
e2e/tests/auth.spec.ts:
##########
@@ -60,9 +61,19 @@ test('can auth with admin key', { tag: '@auth' }, async ({
page }) => {
.getByRole('button')
.click();
- await page.reload();
+ // The key authenticates the current session immediately (it is held in
+ // memory), so the token check now succeeds without a reload.
await expect(failedMsg).toBeHidden();
});
+
+ await test.step('admin key is not persisted across a full reload', async ()
=> {
+ // The admin key is kept in memory only and never written to browser
+ // storage, so a hard reload drops it and re-authentication is required.
+ await page.reload();
+ await expect(failedMsg).toBeVisible();
+ await expect(settingsModal).toBeVisible();
+ await expect(adminKeyInput).toBeEmpty();
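Review bot: the new "admin key is not persisted across a full reload" step asserts only on UI state after `await page.reload();`, so the claim in its comment that the key is "never written to browser storage" is not checked directly. Consider adding, before the reload, a `page.evaluate` assertion that neither `localStorage` nor `sessionStorage` contains the entered admin key value. That way the test fails if a later change writes the key to storage, even if the UI still prompts for re-authentication after the reload.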
Review Comment:
No - not really, it's the UX change that is explained in the PR description
-> it's per browsing session.
As I understand it and worth double checking what happens with this change
in - it behaves in this way:
> * A page session lasts as long as the browser is open, and survives over page reloads and restores.
> * Opening a page in a new tab or window creates a new session with the value of the top-level browsing context, which differs from how session cookies work.
> * Opening multiple tabs/windows with the same URL creates sessionStorage for each tab/window.
> * Closing a tab/window ends the session and clears objects in sessionStorage.