This commit is contained in:
@@ -46,21 +46,7 @@ CURRENT TODOs
|
||||
=-=-=-=-=-=-=
|
||||
|
||||
|
||||
TODO: AUTO-LOGOUT EXPIRED SESSION?
|
||||
- planning:
|
||||
- first off, is this really an issue?
|
||||
- No, actually it's kind of useful for keeping on working when a server needs a restart or something
|
||||
- Only real issue is cached data mismatch so perhaps when detected it should toss cached data forcing a reload
|
||||
- Or is this really an issue either? things cached are form customization and locale text which in the normal course of things won't change much
|
||||
|
||||
- Right now a user can simply close the browser in the middle of a session, re-open it any amount of time later and it will just keep working, however it might have outdatd cached data from the server
|
||||
- What about a time limit after which a session needs to login again just to protect the users from themselves?
|
||||
- Perhaps it can detect a full page refresh (which is what a restart essentially is) and see how long ago it was last active, maybe the time of the last API call to the server and use that info to force re-login.
|
||||
- ACTION:
|
||||
- add code to reliably detect when a user opens the browser or reloads with a session active
|
||||
- Add code to track last active
|
||||
- User interacted with server sb good enough
|
||||
- toss any cached data if it's been more than an hour since the session was last active
|
||||
|
||||
|
||||
|
||||
@@ -271,7 +257,25 @@ TO TEST:
|
||||
- above changes block
|
||||
|
||||
|
||||
FIXES REQUIRED
|
||||
MAYBE: AUTO-LOGOUT EXPIRED SESSION?
|
||||
- planning:
|
||||
- Moved to maybe in case it's an issue down the road
|
||||
- first off, is this really an issue?
|
||||
- No, actually it's kind of useful for keeping on working when a server needs a restart or something
|
||||
- Only real issue is cached data mismatch so perhaps when detected it should toss cached data forcing a reload
|
||||
- Or is this really an issue either? things cached are form customization and locale text which in the normal course of things won't change much
|
||||
|
||||
- Right now a user can simply close the browser in the middle of a session, re-open it any amount of time later and it will just keep working, however it might have outdatd cached data from the server
|
||||
- What about a time limit after which a session needs to login again just to protect the users from themselves?
|
||||
- Perhaps it can detect a full page refresh (which is what a restart essentially is) and see how long ago it was last active, maybe the time of the last API call to the server and use that info to force re-login.
|
||||
- ACTION:
|
||||
- add code to reliably detect when a user opens the browser or reloads with a session active
|
||||
- Add code to track last active
|
||||
- User interacted with server sb good enough
|
||||
- toss any cached data if it's been more than an hour since the session was last active
|
||||
|
||||
|
||||
FIXES REQUIRED (WTF? Is this still valid stuff ????????????????????????????????????????????????????????????????????????????????????????????????)
|
||||
|
||||
- API get code is incorrectly dealing with expired bearer cert, a 401 is returned and it tries to parse the result as if it succeeded when it really should trigger a login process
|
||||
- Time zone offset mismatch warning needs expansion, it should only prompt a few times (maybe or find a way to deal with this) and it should offer to change it at the server automatically
|
||||
|
||||
Reference in New Issue
Block a user