Headers not present in all requests

[sofianegargouri]

Hi !

I'm actually experiencing a strange issue: my headers with the tokens are not sent in each request, but only some of them. I don't really understand, because one of my controllers has before_action :authenticate_v1_admin_user!, but not the other, and it's the one with before_action :authenticate_v1_admin_user! who isn't sending the headers.

I'm using Rails 5.0.2, with gem 'devise_token_auth', '~> 0.1.40'

Thanks for your help !

[diiq]

I suspect you've already solved this, but for people landing here from google:

I've had this problem, too - but it turns out it's expected behavior. New tokens are sent only when it's time for the token to change. So if you fire of a bunch of requests all at once, the first response will have a new token in the header, and then rest will have no token in the header at all.

Always use whichever token has the latest expiry date, and keep using that token until a response comes bearing a new one.

[sofianegargouri]

Didn't solve it yet :/
And thanks for your answer. Guess I can close it !

[gugat]

New tokens are sent only when it's time for the token to change.

@diiq Do you know when does that happen?

[diiq]

There are two config variables that control that, I think:

  config.change_headers_on_each_request = true
  config.batch_request_buffer_throttle = 60.seconds

The batch request throttle says "allow a buncha requests to come in all at the same time to use the same token", and change headers says "send a new token with one request from each batch".

(You can turn off changing tokens entirely by setting change_headers_on_each_request to false; There are security ramifications, of course.)

[rusucosmin]

For those still having this issue, I had fixed by clearing all existing tokens, user.update!(tokens: nil), and then new tokens were generated and added in headers. Oh boy!