Notification SSE stream retries infinitely when session expires #203

New Issue

Closed

opened 2026-04-07 11:08:56 +02:00 by marcel · 0 comments

marcel commented 2026-04-07 11:08:56 +02:00

Owner

Copy Link

Context

NotificationBell.svelte opens an EventSource to /api/notifications/stream on mount (line 130). The browser's EventSource API automatically reconnects on any error -- this is by design for transient network failures, but becomes a problem when the server returns 401/403 due to an expired session.

What happens

1. User's session expires (or credentials become invalid)
2. EventSource reconnect fires a request to /api/notifications/stream
3. Spring Security rejects it (all non-public endpoints require authentication -- SecurityConfig.java line 63: auth.anyRequest().authenticated())
4. EventSource sees an error, waits ~3 seconds, retries -- forever
5. The browser spams the server with unauthenticated requests in a tight retry loop

Impact

• Network spam: continuous failing requests from every tab with an expired session
• Server load: each retry hits the Spring Security filter chain and returns a 401
• No user feedback: the user is not redirected to login; the UI silently degrades (no new notifications arrive, but no error is shown)

Root cause

NotificationBell.svelte lines 128-137 -- the EventSource setup has no onerror handler:

onMount(() => {
    fetchUnreadCount();
    eventSource = new EventSource('/api/notifications/stream');
    eventSource.addEventListener('notification', (e) => {
        const notification = parseNotificationEvent(e.data);
        if (!notification) return;
        notifications = [notification, ...notifications];
        if (!notification.read) unreadCount += 1;
    });
    // no onerror handler -- EventSource retries indefinitely on 401
});

The EventSource API does not expose the HTTP status code in its onerror event, so the client cannot distinguish a 401 from a network hiccup purely from the error event. However, EventSource.readyState === EventSource.CLOSED indicates the browser gave up (which happens on non-retryable errors like 401 in most browsers), vs EventSource.CONNECTING which means it is retrying.

Proposed fix

Add an onerror handler that:

1. Checks eventSource.readyState -- if CLOSED, the server rejected the connection (likely 401). Close and stop.
2. If CONNECTING (browser is retrying), probe the session with a lightweight fetch to /api/notifications/unread-count. If that returns 401, close the EventSource and redirect to /login.
3. Optionally add a retry counter to cap reconnection attempts even for transient failures.

eventSource.onerror = async () => {
    if (eventSource?.readyState === EventSource.CLOSED) {
        eventSource.close();
        return;
    }
    // Probe session validity
    const res = await fetch('/api/notifications/unread-count');
    if (res.status === 401) {
        eventSource?.close();
        window.location.href = '/login';
    }
};

Files involved

• frontend/src/lib/components/NotificationBell.svelte -- needs onerror handler (primary fix)
• backend/src/main/java/org/raddatz/familienarchiv/service/SseEmitterRegistry.java -- no changes needed, already cleans up on error/timeout
• backend/src/main/java/org/raddatz/familienarchiv/config/SecurityConfig.java -- no changes needed

## Context `NotificationBell.svelte` opens an `EventSource` to `/api/notifications/stream` on mount (line 130). The browser's `EventSource` API automatically reconnects on any error -- this is by design for transient network failures, but becomes a problem when the server returns 401/403 due to an expired session. ## What happens 1. User's session expires (or credentials become invalid) 2. `EventSource` reconnect fires a request to `/api/notifications/stream` 3. Spring Security rejects it (all non-public endpoints require authentication -- `SecurityConfig.java` line 63: `auth.anyRequest().authenticated()`) 4. `EventSource` sees an error, waits ~3 seconds, retries -- forever 5. The browser spams the server with unauthenticated requests in a tight retry loop ## Impact - **Network spam**: continuous failing requests from every tab with an expired session - **Server load**: each retry hits the Spring Security filter chain and returns a 401 - **No user feedback**: the user is not redirected to login; the UI silently degrades (no new notifications arrive, but no error is shown) ## Root cause `NotificationBell.svelte` lines 128-137 -- the `EventSource` setup has no `onerror` handler: ```js onMount(() => { fetchUnreadCount(); eventSource = new EventSource('/api/notifications/stream'); eventSource.addEventListener('notification', (e) => { const notification = parseNotificationEvent(e.data); if (!notification) return; notifications = [notification, ...notifications]; if (!notification.read) unreadCount += 1; }); // no onerror handler -- EventSource retries indefinitely on 401 }); ``` The `EventSource` API does not expose the HTTP status code in its `onerror` event, so the client cannot distinguish a 401 from a network hiccup purely from the error event. However, `EventSource.readyState === EventSource.CLOSED` indicates the browser gave up (which happens on non-retryable errors like 401 in most browsers), vs `EventSource.CONNECTING` which means it is retrying. ## Proposed fix Add an `onerror` handler that: 1. Checks `eventSource.readyState` -- if `CLOSED`, the server rejected the connection (likely 401). Close and stop. 2. If `CONNECTING` (browser is retrying), probe the session with a lightweight fetch to `/api/notifications/unread-count`. If that returns 401, close the `EventSource` and redirect to `/login`. 3. Optionally add a retry counter to cap reconnection attempts even for transient failures. ```js eventSource.onerror = async () => { if (eventSource?.readyState === EventSource.CLOSED) { eventSource.close(); return; } // Probe session validity const res = await fetch('/api/notifications/unread-count'); if (res.status === 401) { eventSource?.close(); window.location.href = '/login'; } }; ``` ## Files involved - `frontend/src/lib/components/NotificationBell.svelte` -- needs `onerror` handler (primary fix) - `backend/src/main/java/org/raddatz/familienarchiv/service/SseEmitterRegistry.java` -- no changes needed, already cleans up on error/timeout - `backend/src/main/java/org/raddatz/familienarchiv/config/SecurityConfig.java` -- no changes needed

marcel added the bug label 2026-04-07 11:09:00 +02:00

marcel referenced this issue from a commit 2026-04-22 15:42:29 +02:00

fix(notifications): replace aggressive EventSource close with threshold-based 401-aware retry

marcel closed this issue 2026-04-22 15:42:29 +02:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/issue-533-mass-import-ux

feat/issue-527-unsaved-warning-new-pages

worktree-feat+issue-557-upload-artifact-v3-pin

worktree-chore+issue-556-drop-client-branches-coverage-gate

fix/issue-514-prerender-crawl-bakes-redirects

fix/issue-472-prerender-entries

feat/issue-395-readme

feat/issue-345-bulk-mark-reviewed

feat/issue-344-bell-tooltip

feat/issue-341-annotieren-contrast

feat/issue-225-bulk-metadata-edit

feat/issue-317-bulk-upload

feat/issue-271-dashboard-redesign

docs/issue-240-mission-control-spec

refactor/issues-193-200

feat/issue-162-korrespondenz-redesign

feature/68-new-document-file-first

feat/81-discussion-discoverability

feat/62-document-bottom-panel

feature/56-backfill-file-hashes

feat/38-document-edit-history

fix/svelte5-test-delegation-and-login-auth

No results found.

Labels

Clear labels

P0-critical

Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.

P1-high

Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.

P2-medium

Noticeable improvement; doesn't block anything; schedule opportunistically.

P3-later

Cosmetic or parking-lot work; fine to stay open indefinitely.

audit

Read-only audit / assessment work; produces a report rather than changing code

bug

Something isn't working

cleanup

Removal of dead code, vague comments, naming violations, and scratch artifacts

collaboration

We want to extend the family archive to have more collaboration tools

conversation

descoped

We will do that later

devops

documentation

README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs

epic

Marker for epic-level issues that group multiple child issues

feature

file-upload

legibility

Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction

notification

person

phase-1: security

Security hygiene — must be done first

phase-2: container-images

Production-ready multi-stage Docker images

phase-3: prod-compose

Production compose overlay + Caddy reverse proxy

phase-4: spring-prod-profile

Spring Boot production configuration profile

phase-5: backups

Database and object storage backup strategy

phase-6: deployment-docs

.env.example, DEPLOYMENT.md, runbook

phase-7: monitoring

Prometheus, Loki, Grafana, Alertmanager

refactor

Code restructuring without behaviour change

security

test

ui

UI/UX and accessibility issues

user

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Jens marcel

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marcel/familienarchiv#203