Expired sessions have poor usability

Description

Description of problem:

  • when a user tries to perform an operation when their session has timed out on the server, they are redirected to the error page, then when they log in they are redirected back to the error page with a "no errors" message.

  • if a user is editing a project homepage and other field that may hold a significant amount of data, if the user presses 'save' after their session has expired, they are redirected to the error page and lose the data they had entered in the field.

How reproducible:
Always after session timeout

Expected results:

  • Attempting an operation after session timeout should cause users to be presented with a login form.

  • Signing in after session timeout should return users to the page they were previously on.

  • Users have an opportunity to save or recover entered data after they have attempted to perform an operation after session timeout.

Approaches considered:

1. modal login dialog when you try to do something that requires login (AJAX)
2. when trying to do an operation after session timeout, redirect to login, and make sure user is returned to the page they were on when they tried to do the operation (would potentially lose data you are in the middle of entering).
3. save data in a temporary place on the server, save it after login.
4. use localStorage to save text fields etc. when an operation fails due to session timeout. Offer to recover the data the next time they go to the page (discard the data when they use it or discard it).

Option 2 is considered most feasible.
Option 4 should be prototyped to gain an idea of its feasibility.

Environment

None

Activity

Show:
Carlos Munoz
February 3, 2016, 4:46 AM

There is a new page for view expired exceptions which has been lost after the DI migration. We need to bring it back.

Bugzilla Migration
July 31, 2015, 1:46 AM

Damian Jansen commented on 2014-07-27 21:54:44 -0400:

The user being kicked out of a webtrans session while editing is the most unpleasant of all these - this should be fixed (with the temp save or otherwise).

The other part is finding all the places/actions that require a logged in user and testing what happens when the session is invalidated.

Ready for Release

Assignee

Carlos Munoz

Reporter

David Mason

Labels

None

Tested Version/s

None

Story Points

5

Time remaining

0m

Components

Sprint

None

Fix versions

Priority

High