Project

General

Profile

Actions

Patch #15234

open

A popup message after session timeout

Added by Karel Pičman over 10 years ago. Updated 6 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

When the session timeout is set and a user leaves an unsaved form for a while so their session expires and clicks on the Save button, they is redirected to the login page and all unsaved data from the form just being edited are lost.

The same frustrating situation can happend when you write a long wiki page.

The flash message on the login page does't help to recover lost data.

I thing that the user should be warn before data are lost.

Please take into account the attached simple patch that add a Javascript popup message with the warning text about session expiration.


Files


Related issues

Related to Redmine - Feature #10569: Save user data on invalid form authenticity tokenNew

Actions
Actions #1

Updated by Etienne Massip over 10 years ago

I guess that the patch won't work if redmine is installed with a sub-URI.

Also, won't the heartbeat request reactivate the session?

Actions #2

Updated by Karel Pičman over 10 years ago

I guess that the patch won't work if redmine is installed with a sub-URI.

I've removed the slash in route.rb:

-get '/session_heartbeat', :to => 'application#session_heartbeat'
+get 'session_heartbeat', :to => 'application#session_heartbeat'

Also, won't the heartbeat request reactivate the session?

I don't think so. I skip the reactivation in session_expiration method:

def session_expiration
+    # Skip session heartbeat
+    return if ((params[:controller] == 'application') && (params[:action] = 'session_heartbeat'))

Actions #3

Updated by Toshi MARUYAMA over 10 years ago

  • Related to Feature #10569: Save user data on invalid form authenticity token added
Actions #4

Updated by Гордеев Алексей about 1 year ago

It's still actual...

Actions #5

Updated by Miguel Jacq 6 months ago

I'm interested in this solution, but I'm not sure it is working anymore.

I'm on Redmine 4.2.10.

When I go to /session_heartbeat it always says session expired: true, even though my session is definitely still valid. I assume the 'remain' check is somehow evaluating true for '<= 0' but haven't debugged further.

@ Karel Pičman, do you have any idea on how to make sure it works with a more recent Redmine? I appreciate it's been 10 years :o and I'm sorry the devs didn't use or evolve your patch at the time!

Actions #6

Updated by Miguel Jacq 6 months ago

Actually, it does seem to be working in the UI when the session expires! I just don't understand why it always reports 'expired: true' when I visit the heartbeat page directly, but in any case, the actual 'real-life use case' seems to work as expected. Great.

Actions

Also available in: Atom PDF