Patch #15234

A popup message after session timeout

Added by Karel Pičman over 8 years ago. Updated over 8 years ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Accounts / authentication
Target version:-

Description

When the session timeout is set and a user leaves an unsaved form for a while so their session expires and clicks on the Save button, they is redirected to the login page and all unsaved data from the form just being edited are lost.

The same frustrating situation can happend when you write a long wiki page.

The flash message on the login page does't help to recover lost data.

I thing that the user should be warn before data are lost.

Please take into account the attached simple patch that add a Javascript popup message with the warning text about session expiration.

session_expired_popup_message.diff Magnifier (3.65 KB) Karel Pičman, 2013-10-31 17:19

session_expired_popup_message_v2.diff Magnifier (3.65 KB) Karel Pičman, 2013-11-01 08:40


Related issues

Related to Redmine - Feature #10569: Save user data on invalid form authenticity token New

History

#1 Updated by Etienne Massip over 8 years ago

I guess that the patch won't work if redmine is installed with a sub-URI.

Also, won't the heartbeat request reactivate the session?

#2 Updated by Karel Pičman over 8 years ago

I guess that the patch won't work if redmine is installed with a sub-URI.

I've removed the slash in route.rb:

-get '/session_heartbeat', :to => 'application#session_heartbeat'
+get 'session_heartbeat', :to => 'application#session_heartbeat'

Also, won't the heartbeat request reactivate the session?

I don't think so. I skip the reactivation in session_expiration method:

def session_expiration
+    # Skip session heartbeat
+    return if ((params[:controller] == 'application') && (params[:action] = 'session_heartbeat'))

#3 Updated by Toshi MARUYAMA over 8 years ago

  • Related to Feature #10569: Save user data on invalid form authenticity token added

Also available in: Atom PDF