fix: delete sessionCallBlocked only by the same tab that added entry

__tests__/identity.js

@@ -595,11 +595,11 @@ describe('Identity', () => {
 
         describe('session refresh full page redirect', ()=>{
             test('should do redirect when session endpoint respond with redirectURL only', async () => {
-                mockSessionOkResponse(Fixtures.sessionNeedsToBeRefreshedResponse)
-
+                mockSessionOkResponse(Fixtures.sessionNeedsToBeRefreshedResponse);
                 const MOCK_TAB_ID = 1234;
                 const spy = jest.spyOn(Identity.prototype, '_getTabId');
                 spy.mockImplementation(() => MOCK_TAB_ID);
+                identity._tabId = MOCK_TAB_ID;
 
                 await identity.hasSession();
 

src/cache.d.ts

@@ -14,7 +14,6 @@ export default class Cache {
     /**
      * Get a value from cache (checks that the object has not expired)
      * @param {string} key
-     * @private
      * @returns {*} - The value if it exists, otherwise null
      */
     private get;
@@ -23,14 +22,12 @@ export default class Cache {
      * @param {string} key
      * @param {*} value
      * @param {Number} expiresIn - Value in milliseconds until the entry expires
-     * @private
      * @returns {void}
      */
     private set;
     /**
      * Delete a cache entry
      * @param {string} key
-     * @private
      * @returns {void}
      */
     private delete;

src/cache.js

@@ -89,7 +89,6 @@ export default class Cache {
     /**
      * Get a value from cache (checks that the object has not expired)
      * @param {string} key
-     * @private
      * @returns {*} - The value if it exists, otherwise null
      */
     get(key) {
@@ -124,7 +123,6 @@ export default class Cache {
      * @param {string} key
      * @param {*} value
      * @param {Number} expiresIn - Value in milliseconds until the entry expires
-     * @private
      * @returns {void}
      */
     set(key, value, expiresIn = 0) {
@@ -145,7 +143,6 @@ export default class Cache {
     /**
      * Delete a cache entry
      * @param {string} key
-     * @private
      * @returns {void}
      */
     delete(key) {

src/identity.d.ts

@@ -45,23 +45,20 @@ export class Identity extends TinyEmitter {
      */
     private _getTabId;
     /**
-     * Checks if getting session is blocked
+     * Checks if calling get session is blocked
      * @private
-     *
-     * @returns {boolean|void}
+     * @returns {string|null}
      */
     private _isSessionCallBlocked;
     /**
-     * Block calls to get session
+     * Block calls to get session. This is done to prevent concurrent calls which can log user out if session is refreshed by one of them
      * @private
-     *
      * @returns {void}
      */
     private _blockSessionCall;
     /**
-     * Unblocks calls to get session
+     * Unblocks calls to get session if the lock was put by the same tab
      * @private
-     *
      * @returns {void}
      */
     private _unblockSessionCall;
@@ -106,7 +103,7 @@ export class Identity extends TinyEmitter {
     private _setGlobalSessionServiceUrl;
     _globalSessionService: RESTClient;
     /**
-     * Emits the relevant events based on the previous and new reply from hassession
+     * Emits the relevant events based on the previous and new reply from {@link Identity#hasSession}
      * @private
      * @param {object} previous
      * @param {object} current
@@ -121,7 +118,7 @@ export class Identity extends TinyEmitter {
     private _closePopup;
     popup: Window;
     /**
-     * Set the Varnish cookie (`SP_ID`) when hasSession() is called. Note that most browsers require
+     * Set the Varnish cookie (`SP_ID`) when {@link Identity#hasSession} is called. Note that most browsers require
      * that you are on a "real domain" for this to work — so, **not** `localhost`
      * @param {object} [options]
      * @param {number} [options.expiresIn] Override this to set number of seconds before the varnish
@@ -224,7 +221,7 @@ export class Identity extends TinyEmitter {
      * @description This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
      * @throws {SDKError} If the user isn't connected to the merchant
-     * @return {Promise<string>} The `userId` field (not to be confused with the `uuid`)
+     * @return {number} The `userId` field (not to be confused with the `uuid`)
      */
     getUserId(): Promise<string>;
     /**
@@ -384,7 +381,7 @@ export type LoginOptions = {
      * `password` (will force password confirmation, even if user is already logged in), `eid`. Those values might
      * be mixed as space-separated string. To make sure that user has authenticated with 2FA you need
      * to verify AMR (Authentication Methods References) claim in ID token.
-     * Might also be used to ensure additional acr (sms, otp, eid) for already logged in users.
+     * Might also be used to ensure additional acr (sms, otp, eid) for already logged-in users.
      * Supported value is also 'otp-email' means one time password using email.
      */
     acrValues?: string;
@@ -453,7 +450,7 @@ export type SimplifiedLoginWidgetLoginOptions = {
      * `password` (will force password confirmation, even if user is already logged in). Those values might
      * be mixed as space-separated string. To make sure that user has authenticated with 2FA you need
      * to verify AMR (Authentication Methods References) claim in ID token.
-     * Might also be used to ensure additional acr (sms, otp) for already logged in users.
+     * Might also be used to ensure additional acr (sms, otp) for already logged-in users.
      * Supported value is also 'otp-email' means one time password using email.
      */
     acrValues?: string;
@@ -621,7 +618,7 @@ export type HasSessionFailureResponse = {
 };
 export type SimplifiedLoginData = {
     /**
-     * - Deprecated: User UUID, to be be used as `loginHint` for {@link Identity#login}
+     * - Deprecated: User UUID, to be used as `loginHint` for {@link Identity#login}
      */
     identifier: string;
     /**