← Selected work
03
2024

Auth & Quiz Engine

Cross-subdomain sessions · reload-safe assessments

Infra engineer · Auth + resilience

The hard-to-see infra: silent JWT refresh with a request queue, and a quiz engine that survives a hard refresh mid-question with timer + answer state intact.

0
logout-on-refresh bugs
0ms
next-question latency (prefetch)
1 tab
single-source auth, N subdomains
Stack
JWTAxios interceptorsBroadcastChannelsessionStorageReact

Silent refresh, done properly

The naive approach — refresh on 401 — creates a thundering herd of parallel requests, each racing to refresh. We queue every failed request against a single in-flight refresh promise and drain the queue with the new token. One refresh, N retries, no double-spend.

Reload-safe quizzes

Mid-quiz refreshes used to reset the timer and answer state. We snapshot state to sessionStorage on every mutation, then use PerformanceNavigationTiming to detect reload-vs-navigate on mount and rehydrate only in the reload case.

Cross-subdomain sessions

Users login on the marketing site and stay logged in on the app subdomain. BroadcastChannel syncs token updates across tabs on the same eTLD+1 without cookies-as-glue.

Highlights
  • Axios interceptor queues failed requests during refresh, retries on new token
  • Cross-subdomain auth sync via BroadcastChannel API
  • PerformanceNavigationTiming + sessionStorage for reload recovery
  • Question prefetching keeps the next question 0ms away