[Owncloud] Authentication error in ajax requests

[Thomas Tanghus]

On Sunday 25 November 2012 15:18 Christian Reiner wrote:
> Hi all,
> since about 2 weeks I encounter a funny issue in git master when firing an
> ajax request under certain circumstances:
> 
> ownClouds WebUI loads fine, but ajax requests fail. Error message:
> {"data":{"message":"Authentication error"},"status":"error"}

It sounds like the same I've files an issue about 
https://github.com/owncloud/core/issues/527

> Aparently this only happens when a session existed before and has expired.
> When I use a reload inside the browser then the above issue happens. No
> problem after a fresh login, so it is not an implementation problem of that
> ajax script.

When I refresh I don't get the error for a while, but after just ~20 minutes 
idle, ajax calls starts to fail again.

> Secons aspect: when I get this error I would like to re-login (though that
> is pretty annoying). So I now click the 'logout' button the page reloads
> instead of sending me to the login page. I have to logout _a_ _second_
> _time_ to be able to login again. After that procedure all works fine
> again, including the ajax request. That problem started about 2 weeks ago,
> I cannot remember a single incident like this before although I tested a
> lot with sessions and expiration about 2 month ago when implementing the
> self-extending CSRF tokens myself.
> Since that CSRF-implementation has been altered (simplyfied) inbetween I
> dare to say that most likely the issue has been introduced with those
> changes... I suspect that unlike before the CSRF tokens are not refreshed
> any more in background and expire. That is a big problem for apps that do
> not require a full reload all the time but load only once.
> 
> @Lukas: I _think_ you implemented the last changes... Could you give this
> issue a short look? Thanks!
-- 
Med venlig hilsen / Best Regards

Thomas Tanghus