Expired sessions have poor usability


Description of problem:

  • when a user tries to perform an operation when their session has timed out on the server, they are redirected to the error page, then when they log in they are redirected back to the error page with a "no errors" message.

  • if a user is editing a project homepage and other field that may hold a significant amount of data, if the user presses 'save' after their session has expired, they are redirected to the error page and lose the data they had entered in the field.

How reproducible:
Always after session timeout

Expected results:

  • Attempting an operation after session timeout should cause users to be presented with a login form.

  • Signing in after session timeout should return users to the page they were previously on.

  • Users have an opportunity to save or recover entered data after they have attempted to perform an operation after session timeout.

Approaches considered:

1. modal login dialog when you try to do something that requires login (AJAX)
2. when trying to do an operation after session timeout, redirect to login, and make sure user is returned to the page they were on when they tried to do the operation (would potentially lose data you are in the middle of entering).
3. save data in a temporary place on the server, save it after login.
4. use localStorage to save text fields etc. when an operation fails due to session timeout. Offer to recover the data the next time they go to the page (discard the data when they use it or discard it).

Option 2 is considered most feasible.
Option 4 should be prototyped to gain an idea of its feasibility.




Carlos Munoz


David Mason



Tested Version/s


Story Points





Fix versions