Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Notification when logged out for inactivity #29

Closed
itsrachelfish opened this issue Mar 21, 2016 · 3 comments
Closed

Notification when logged out for inactivity #29

itsrachelfish opened this issue Mar 21, 2016 · 3 comments
Labels
bug feature request help wanted priority: high

Comments

@itsrachelfish
Copy link
Member

When a user is logged out for inactivity, there is no indication of this until they refresh the page. This can be especially confusing when a user tries to update their application (which fails, but no error message is displayed) and all of their answers are lost when they go to review.
@marcj303
Copy link
Contributor

Users hit this a lot with the short (~20min?) timeout. Users take hours and days working on these applications. It is unexpected to be logged out after a short time and they report losing data when it happens.

There seems to be two parts to this.

  1. Extend the session time to something reasonable (several hours). The default in laravel session.php should 'lifetime' => 120, but the session seem to timeout much faster. There are some discussions about how laravel timeouts work and why it shouldn't be using php timeouts, but that doesn't seem to be the case. I don't understand why the forms are timing out in ~20minutes.
  2. Notification of being logged out so that the user doesn't think that they ajax session is still saving data. I guess that there should be a check in the AJAX save that returns and error and that error is handled and sent to the user.

This extension may solve the issue:
https://github.com/GeneaLabs/laravel-caffeine

Laravel session discussions:
https://laracasts.com/discuss/channels/general-discussion/session-lifetime-timeout-and-csrf-token-mismatch
https://laracasts.com/discuss/channels/general-discussion/crsf-checked-before-auth

laravel/framework#5416 (comment)
http://stackoverflow.com/questions/31295126/laravel-5-losing-sessions-and-env-configuration-values-in-ajax-intensive-applic

@itsrachelfish
Copy link
Member Author

I increased the session lifetime to 10080, which is 7 days. We should test to see if we stay logged in now or if there's something else causing the logouts.

@itsrachelfish
Copy link
Member Author

Yep, it's been 10 days and I'm still logged in. I've been visiting the site every couple days to make sure I'm still logged in, and now I can confirm that visiting the site delays your session timeout. I doubt anyone is going to leave their browser window open for a week so I think we can say this is fixed, but I agree that the AJAX requests should notify the user of errors.

I'm going to make a separate issue for that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug feature request help wanted priority: high
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@itsrachelfish @marcj303