Skip to content

26.6.9

Highlights

  • Hardened session handling for expired or invalid authentication tokens.
  • Improved auth UX so protected views immediately recover to sign-in when session auth fails.
  • Updated backlog and changelog documentation to reflect current auth-security delivery.

Session Reliability

  • Frontend now centralizes 401 handling for authenticated API requests.
  • Expired, invalid, signed-out, or unauthorized session responses now clear local session state immediately.
  • Protected routes now redirect to sign-in with a clear session-expired message.

Token Storage and Auth Flow

  • Session continues to rely on HttpOnly cookie transport for API authentication.
  • Frontend request layer uses credentialed requests and no longer depends on browser-stored bearer tokens.

Docs and Backlog

  • Backlog item Expired token session-state handling marked completed.
  • Security backlog item Token storage security marked completed.
  • 26.6.8 changelog wording cleaned to remove completed-item bullets.

Nexus by McGuire Technology