Session duration is quite short and despite of editing session duration in config.php as set previously, continues to logout quite fast. The system will logout even if one is working #227
Comments
|
I can confirm automatic logout respects the value for "timeout" in the user record (in www_users). It took approx 5 min for an idle login showing the main menu to timeout with the default timeout value (5 min). I then changed the timeout value to 10 minutes, logged out and back in, and it took 10 min for the idle window to timeout. I can understand it would be inconvient at least, if not extremely frustrating, if the timeout occured after I had entered part of the data into a form (e.g. into a new purchase order), then had to look something up and before I finished the form was logged out automatically and the data I had entered was lost. The timesheet software I use has similar behavior and it is very frustrating when I'm automatically logged out and all the data I entered is lost. |
|
The automatic timeout mechanism may have side effect issues. I often see an "submitted with incorrect form ID" error after automatic timeout (but not always). The same error also occured once after a new login.
I also saw a "Confirm Form Resubmission" error once leaving the browse window idle (presuming to have occured as a result of auto timeout).
|
|
The timeout should only happen after not using for that interval. Are you
saying you see it happening while in use?
Tim
…On Wed, 13 Nov 2024 at 04:28, Dale Scott ***@***.***> wrote:
The automatic timeout mechanism may also have side effect issues. I often
see an "submitted with incorrect form ID" error after automatic timeout.
The same error also occured once after a new login.
2024-11-12.21_16_04.login.after.timeout.-.submitted.with.incorect.form.ID.png
(view on web)
<https://github.com/user-attachments/assets/945bb64d-0d25-401f-ab14-bce5710027ca>
I also got a "Confirm Form Resubmission" error once after timeout.
2024-11-12.19_59_21.presume.login.must.have.auto-timed-out.png (view on
web)
<https://github.com/user-attachments/assets/29a14a61-e8bc-424b-ac13-2aa00e2b1a27>
—
Reply to this email directly, view it on GitHub
<#227 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAL6LDPQHEGERDASQGKHEL2ALIQJAVCNFSM6AAAAABRSSLDIGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINZSGM2DSOJUGM>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Thinking more about this, it is server use that is monitored, so typing into a form in the browser wouldn't get treated as use. The reason I changed it to per user was because for users who filled in large forms might want it set to longer than others. REmember to logout and back in for that change to take affect. Tim |
|
From #213 by @efeoli "Session duration is quite short and despite of editing session duration in config.php as set previously, continues to logout quite fast." I understood this to be a report that the actual logout time was not affected by changing the timeout value. I confirmed both 5min and 10min work correctly by measurement after changing the value and logging out and back in (which I suspect @efeoli might not have). Of more concern to me is the periodic "ERROR; This form was not submitted with a correct ID" banner, which happens quite often after being automatically logged out (feels like 1 time in 3 but I'll start keeping track). Some web apps somehow store data being typed in a form (perhaps by Javascript in the session?), and if the user is auto-timed-out, they enter their password and are returned to the form with all the data they typed still there. Of course I can't recall a specific one to reference but certainly and frustratingly NOT my timesheet web app. |
|
I did look at saving the form state. It got complicated because the session is being shut down by the server, but it would need the client to store the field data. I just wasn't sure the effort was worth the result. |
|
I would argue that making anything more complicated should be strictly avoided - at least until after 5.1. I would also argue that if a feature is causing an issue (e.g. incorrect form ID error after logging back in after auto-logout), the feature should perhaps be removed and possibly the code simplified until the issue is not possible. I'm not actually proposing this now, only saying an option to resolve the incorrect form ID error might be to move the auto-logout changes to a feature branch to simplify the code until later in the 5.x series when there is more time avaiable. |
|
Dale, I did a change yesterday that should have removed the form id error. Not sure where I posted the comment about it, can you check? |
timschofield
added
the
Fix committed needs testing
No description provided.
The text was updated successfully, but these errors were encountered: