ayanova/devdocs/todo.txt

@@ -47,10 +47,21 @@ CURRENT TODOs
 
 
 TODO: AUTO-LOGOUT EXPIRED SESSION?
-	- first off, is this really an issue?
-	- Right now a user can simply close the browser in the middle of a session, re-open it any amount of time later and it will just keep working, however it might have outdatd cached data from the server
-	- What about a time limit after which a session needs to login again just to protect the users from themselves?
-	- Perhaps it can detect a full page refresh (which is what a restart essentially is) and see how long ago it was last active, maybe the time of the last API call to the server and use that info to force re-login.
+	- planning:	
+		- first off, is this really an issue?
+			- No, actually it's kind of useful for keeping on working when a server needs a restart or something
+			- Only real issue is cached data mismatch so perhaps when detected it should toss cached data forcing a reload
+				- Or is this really an issue either?  things cached are form customization and locale text which in the normal course of things won't change much
+
+		- Right now a user can simply close the browser in the middle of a session, re-open it any amount of time later and it will just keep working, however it might have outdatd cached data from the server
+		- What about a time limit after which a session needs to login again just to protect the users from themselves?
+		- Perhaps it can detect a full page refresh (which is what a restart essentially is) and see how long ago it was last active, maybe the time of the last API call to the server and use that info to force re-login.
+	- ACTION: 
+		- add code to reliably detect when a user opens the browser or reloads with a session active
+		- Add code to track last active
+			- User interacted with server sb good enough
+		- toss any cached data if it's been more than an hour since the session was last active
+