Auth & Quiz Engine
Cross-subdomain sessions · reload-safe assessments
Infra engineer · Auth + resilience
The hard-to-see infra: silent JWT refresh with a request queue, and a quiz engine that survives a hard refresh mid-question with timer + answer state intact.
Silent refresh, done properly
The naive approach — refresh on 401 — creates a thundering herd of parallel requests, each racing to refresh. We queue every failed request against a single in-flight refresh promise and drain the queue with the new token. One refresh, N retries, no double-spend.
Reload-safe quizzes
Mid-quiz refreshes used to reset the timer and answer state. We snapshot state to sessionStorage on every mutation, then use PerformanceNavigationTiming to detect reload-vs-navigate on mount and rehydrate only in the reload case.
Cross-subdomain sessions
Users login on the marketing site and stay logged in on the app subdomain. BroadcastChannel syncs token updates across tabs on the same eTLD+1 without cookies-as-glue.
- →Axios interceptor queues failed requests during refresh, retries on new token
- →Cross-subdomain auth sync via BroadcastChannel API
- →PerformanceNavigationTiming + sessionStorage for reload recovery
- →Question prefetching keeps the next question 0ms away