be1db018fe
- Session model, type interface, and API service - Sessions settings page showing active sessions with device info, IP address, last active time, and current session indicator - Auth store updated to use cookie-based refresh tokens for user sessions and JWT-based renewal for link shares - refreshToken() uses Web Locks API to coordinate across browser tabs — only one tab performs the refresh, others adopt the result - 401 response interceptor with automatic retry: detects expired JWT (error code 11), refreshes the token, and replays the request - Interceptor gated to user JWTs only (link shares skip refresh) - checkAuth() attempts cookie refresh when JWT is expired, allowing seamless session resumption after short TTL expiry - Proactive token refresh on page focus/visibility via composable - renewToken() tolerates refresh failures when JWT is still valid
Vikunja
The Todo-app to organize your life.
If Vikunja is useful to you, please consider buying me a coffee, sponsoring me on GitHub or buying a sticker pack. I'm also offering a hosted version of Vikunja if you want a hassle-free solution for yourself or your team.
Table of contents
Security Reports
If you find any security-related issues you don't want to disclose publicly, please use the contact information on our website.
Features
See the features page on our website for a more exhaustive list or try it on try.vikunja.io!
Docs
All docs can be found on the Vikunja home page.
Roadmap
See the roadmap (hosted on Vikunja!) for more!
Contributing
Please check out the contribution guidelines on the website.
License
Most of this repository is licensed under AGPL‑3.0‑or‑later.
The contents of desktop/ are licensed under
GPL‑3.0‑or‑later.
Unsplash Images
Background images from Unsplash are distributed under the Unsplash License. The license requires giving credit to the photographer and Unsplash. See Unsplash’s terms for more information.