Refresh session modal instead of Refresh page

FeRojas · 2026-02-24T13:06:54.816+00:00

In a web app, I'm using WorkOS for authentication (with Convex), and I use a refresh page to refresh the session token, inspired by the Nordbase template. I was wondering if it would be a good option to replace or complement the refresh page with a modal that has the same functionality — refreshing the token — with the goal of improving UX by not losing what the user was working on, and also being faster since we don't have to load an entire new page and then return to the original one.The specific use case is when the user navigates to an external page and comes back after a while to the app with an expired session. Instead of redirecting to the refresh page, a modal would load inline within the current protected-page-wrapper component, preserving the user's state, refresh the token and then show = false.Is anything in particular that should I worry about this approach? I am only asking because it is a security sensitive flow, so I want to be sure that it is secure approach.

FeRojas
10 hours ago
In a web app, I'm using WorkOS for authentication (with Convex), and I use a refresh page to refresh the session token, inspired by the Nordbase template. I was wondering if it would be a good option to replace or complement the refresh page with a modal that has the same functionality — refreshing the token — with the goal of improving UX by not losing what the user was working on, and also being faster since we don't have to load an entire new page and then return to the original one.
The specific use case is when the user navigates to an external page and comes back after a while to the app with an expired session. Instead of redirecting to the refresh page, a modal would load inline within the current protected-page-wrapper component, preserving the user's state, refresh the token and then show = false.

Is anything in particular that should I worry about this approach? I am only asking because it is a security sensitive flow, so I want to be sure that it is secure approach.
Jay Campbell
9 hours ago
When your API fails to get the user you can check if there’s a refresh token and refresh the session if there is.
FeRojas
8 hours ago
Hi! The thing is that there are various API that could fail, and I need to refresh token and also Convex_setAuth, so I would need to apply all this flow to every API that fails if I dont do it with a unified component. And also because Im using WorkOS I need to trigger a special to refresh token (it seems to be I way to use an automatic refresh token also for WorkOS using Convex package and a fetchToken callback but havent implement it yet).

Refresh session modal instead of Refresh page

FeRojas

Jay Campbell

FeRojas