Flutter + Rails Auth Session Keeps Dropping - 3 Causes and Solutions
Login sessions keep dropping in a Flutter BLoC app. Tokens are stored in SecureStorage, automatic renewal on 401 is implemented via Dio interceptors – so why? Starting from server logs, I found 3 causes and fixed all of them. Here is the full process. Tech Stack Mobile: Flutter + BLoC pattern + Dio HTTP + SecureStorage Server: Rails 8 API + ActionCable WebSocket Auth: SHA-256 digest-based access token + JTI refresh token (90 days) Real-time: ActionCable WebSocket (token-based auth) Symptoms Works fine right after login API requests start failing with 401 after some time Token refresh seems to work, but WebSocket disconnects App eventually transitions to unauthenticated state Cause 1: Ghost of Legacy Code - Residual DTA Methods Discovery Server logs showed intermittent user.tokens-related errors during token refresh. The project had migrated from devise_token_auth (DTA) to a custom token system, but token_refresh_service.rb still had DTA-era code. ...