Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session timeout on page with read requests #1916

Closed
jrchudy opened this issue Mar 10, 2020 · 0 comments
Closed

Session timeout on page with read requests #1916

jrchudy opened this issue Mar 10, 2020 · 0 comments
Labels
discussion required requires a discussion before moving forward record recordset

Comments

@jrchudy
Copy link
Member

jrchudy commented Mar 10, 2020
edited
Loading

This requires further discussion and is related to issue #1838 .

The scenario is that a timeout/logout occurred while a user was looking at a page that can trigger further read requests (record/recordset) that require certain permissions to retrieve the data.

The user loaded the page with permission to see the content, a timeout (or logout) occurs, then the user tries to facet (recordset) or page to the next page of data or change the page size (record/recordset). The user is then prompted with a login modal:

  1. The same user signs in again
    - we take a similar approach as we are doing for recordedit and continue processing the requests that previously caused an error (post login)
  2. A different user signs in, this user does NOT have permission to read the table an action was taken on
    • error modal shown to user with appropriate error message, do not allow dismissal and provide a "reload" and "home" navigation option
    • Alternative (HT):
      • error message: Your login account xxx is different from the existing account.
      • Click OK to continue with account xxx. Continue as xxx will refresh the page with new credential. Dismiss will leave them where they were.
    • @RFSH suggested that not having permission could also be an issue with a pseudo column which touches a table the user can't read from. Not sure if this changes how this should be handled
  3. A different user signs in, this user does have permission to read the table an action was taken on
    • should this be handled like the above case for a user without permission?
  4. A different user signs in, this user has MORE permissions to read the table an action was taken on
    • This means the user could have more columns visible to them that aren't being shown
    • Same could happen with a user with less privileges, they may not be able to see a specific set of columns shown
  5. The user returns to an anonymous user without logging back in
    • facet popups may have less options visible to them and not be aware of being logged out and why the options seem to be less than usual

The current functionality is to automatically reload the page when a user logs in. This was done to simplify the process and not have to worry about handling it differently.

This is related to issue #1918 .

@karlcz @hongsudt could you review this and add comments?
@jrchudy jrchudy added enhancement record recordset discussion required requires a discussion before moving forward labels Mar 10, 2020
@jrchudy jrchudy mentioned this issue Mar 10, 2020
Closed
@hongsudt hongsudt added the bug label Mar 10, 2020
@jrchudy jrchudy mentioned this issue Mar 23, 2020
Merged
@RFSH RFSH removed the enhancement label Apr 11, 2022
@jrchudy jrchudy changed the title Timeout on page with read requests Session timeout on page with read requests Apr 12, 2022
@jrchudy jrchudy removed the bug label Apr 12, 2022
@jrchudy jrchudy mentioned this issue Feb 13, 2024
Open
5 tasks
@jrchudy jrchudy closed this as completed Feb 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion required requires a discussion before moving forward record recordset
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hongsudt @RFSH @jrchudy