From 5174be24c8ecc27018cc24212962be2522938343 Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Wed, 11 Dec 2019 21:25:10 +0000 Subject: [PATCH] --- ayanova/devdocs/todo.txt | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/ayanova/devdocs/todo.txt b/ayanova/devdocs/todo.txt index e238b2ec..dfb76eb3 100644 --- a/ayanova/devdocs/todo.txt +++ b/ayanova/devdocs/todo.txt @@ -46,21 +46,7 @@ CURRENT TODOs =-=-=-=-=-=-= -TODO: AUTO-LOGOUT EXPIRED SESSION? - - planning: - - first off, is this really an issue? - - No, actually it's kind of useful for keeping on working when a server needs a restart or something - - Only real issue is cached data mismatch so perhaps when detected it should toss cached data forcing a reload - - Or is this really an issue either? things cached are form customization and locale text which in the normal course of things won't change much - - Right now a user can simply close the browser in the middle of a session, re-open it any amount of time later and it will just keep working, however it might have outdatd cached data from the server - - What about a time limit after which a session needs to login again just to protect the users from themselves? - - Perhaps it can detect a full page refresh (which is what a restart essentially is) and see how long ago it was last active, maybe the time of the last API call to the server and use that info to force re-login. - - ACTION: - - add code to reliably detect when a user opens the browser or reloads with a session active - - Add code to track last active - - User interacted with server sb good enough - - toss any cached data if it's been more than an hour since the session was last active @@ -271,7 +257,25 @@ TO TEST: - above changes block -FIXES REQUIRED +MAYBE: AUTO-LOGOUT EXPIRED SESSION? + - planning: + - Moved to maybe in case it's an issue down the road + - first off, is this really an issue? + - No, actually it's kind of useful for keeping on working when a server needs a restart or something + - Only real issue is cached data mismatch so perhaps when detected it should toss cached data forcing a reload + - Or is this really an issue either? things cached are form customization and locale text which in the normal course of things won't change much + + - Right now a user can simply close the browser in the middle of a session, re-open it any amount of time later and it will just keep working, however it might have outdatd cached data from the server + - What about a time limit after which a session needs to login again just to protect the users from themselves? + - Perhaps it can detect a full page refresh (which is what a restart essentially is) and see how long ago it was last active, maybe the time of the last API call to the server and use that info to force re-login. + - ACTION: + - add code to reliably detect when a user opens the browser or reloads with a session active + - Add code to track last active + - User interacted with server sb good enough + - toss any cached data if it's been more than an hour since the session was last active + + +FIXES REQUIRED (WTF? Is this still valid stuff ????????????????????????????????????????????????????????????????????????????????????????????????) - API get code is incorrectly dealing with expired bearer cert, a 401 is returned and it tries to parse the result as if it succeeded when it really should trigger a login process - Time zone offset mismatch warning needs expansion, it should only prompt a few times (maybe or find a way to deal with this) and it should offer to change it at the server automatically