1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Future Fix Unnoticed session timeout can lead to lost replies

Discussion in 'Future-Fix Bug Reports' started by AlexT, Jul 13, 2013.

  1. AlexT

    AlexT Well-Known Member

    Scenario:
    1. User is logged in
    2. User stays idle until his session expires. He doesn't notice it's expired since there is no notice. Meanwhile he is still looking at a particular thread.
    3. User makes a post via quick reply. Upon hitting the post reply button, a modal window pops open ("The following error occurred: You must be logged-in to do that.") with the login form.
    4. Upon filling out the login form in the modal window, the user is returned to the previous thread. But the reply text is lost.
    (related: in step 2, xF is continuously trying to save a draft, although it's naturally returned with a 403 error).
     
    Last edited: Jul 14, 2013
    tyteen4a03 and Marcus like this.
  2. Jeremy P

    Jeremy P Well-Known Member

    A proposal: save drafts to local storage every time you attempt to save to the server (as a fallback if no draft is found in the database) along with a timestamp, and have some cleanup JS code to remove old entries so they don't pile up.

    That way when they're returned to the previous thread you could load everything from there. Also helps if internet connection is broken, latest drafts can still be recovered if they have a newer timestamp that the database draft.
     
  3. AlexT

    AlexT Well-Known Member

    Or it could be solved with a ajax-based session timeout warning.
     
  4. Jeremy P

    Jeremy P Well-Known Member

    I know what I proposed is a bit of a late change but it seems like some client-side redundancy would come in handy here and in a few other cases. I was a bit surprised that drafts were server side at first, though I guess that means if all is well you can resume a draft from another computer before it expires.
     
  5. Mike

    Mike XenForo Developer Staff Member

    So I'm going to tag this as a future fix, though I have made (rather, am in the process of finishing) some changes that do maintain the post data through the login form. This makes the solution more general.

    However, there are some situations where this falls over -- technically, depending on what's being triggered, even GET based things may not redirect to exactly where you expect (though this isn't as significant).

    These changes are likely too significant (or too spread out) to make at this stage of 1.2.
     
    AlexT and shenmuee like this.
  6. japersonal

    japersonal Member

    Hi everyone :)

    Something similar just happened to me... but once I entered username & password, I was shown a page with the following error message:

    And URL at the address bar was:

     

Share This Page