What Is Happening
When the UI is opened for the first time after a prior session, the dashboard immediately requests /api/v1/devices/stats.
In certain sessions, the browser still holds a stale authentication token in local storage. The application treats that persisted value as a valid signed in state and proceeds with protected requests before token validity is re established.
As a result, the statistics request is sent with an invalid or expired bearer token, and the server responds with 401 Unauthorized.
After this first failure, the logout flow clears local storage and redirects the user, so the same symptom usually does not recur right away.
How To Reproduce
- Allow a previous login session token to expire.
- Open or refresh the root route, for example
/
- Observe the network request to
/api/v1/devices/stats.
- Confirm that the response is
401 Unauthorized during this initial load sequence.
What Is Expected
When a previous session token has expired, the application should detect that state before making requests that require a valid login token.
What Is Happening
When the UI is opened for the first time after a prior session, the dashboard immediately requests
/api/v1/devices/stats.In certain sessions, the browser still holds a stale authentication token in local storage. The application treats that persisted value as a valid signed in state and proceeds with protected requests before token validity is re established.
As a result, the statistics request is sent with an invalid or expired bearer token, and the server responds with
401 Unauthorized.After this first failure, the logout flow clears local storage and redirects the user, so the same symptom usually does not recur right away.
How To Reproduce
//api/v1/devices/stats.401 Unauthorizedduring this initial load sequence.What Is Expected
When a previous session token has expired, the application should detect that state before making requests that require a valid login token.