Bug 1092790

Summary: Expired sessions have poor usability
Product: [Retired] Zanata
Reporter: David Mason <damason>
Component: Security
Assignee: David Mason <damason>
Status: CLOSED UPSTREAM
QA Contact: Zanata-QA Mailling List <zanata-qa>
Severity: medium
Priority: high
Version: development
CC: dchen, zanata-bugs
Doc Type: Bug Fix
Story Points: 5
Last Closed: 2015-07-31 01:46:57 UTC
Type: Bug

Description David Mason 2014-04-30 02:40:44 UTC
Description of problem:

- When a user tries to perform an operation when their session has timed out on the server, they are redirected to the error page; then, when they log in, they are redirected back to the error page with a "no errors" message.
- If a user is editing a project homepage or another field that may hold a significant amount of data and presses 'save' after their session has expired, they are redirected to the error page and lose the data they had entered in the field.

How reproducible:
Always after session timeout

Expected results:
 - Attempting an operation after session timeout should cause users to be presented with a login form.
 - Signing in after session timeout should return users to the page they were previously on.
 - Users have an opportunity to save or recover entered data after they have attempted to perform an operation after session timeout.


Approaches considered:

 1. modal login dialog when you try to do something that requires login (AJAX)
 2. when trying to do an operation after session timeout, redirect to login, and make sure user is returned to the page they were on when they tried to do the operation (would potentially lose data you are in the middle of entering).
 3. save data in a temporary place on the server, save it after login.
 4. use localStorage to save text fields etc. when an operation fails due to session timeout. Offer to recover the data the next time they go to the page (discard the data when they use it or discard it).

Option 2 is considered most feasible.
Option 4 should be prototyped to gain an idea of its feasibility.
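
Options 4 and 2 above, as an added example that is not Zanata's code: drafts are keyed per user and page so they are never offered to a different account on a shared browser, and the post-login return target is restricted to a same-origin path. All function names, the `storage` parameter (any object with the `localStorage` interface), the source of the user id and the one-day expiry are assumptions.

```javascript
// Added example; every name here is hypothetical, not part of Zanata.
const DRAFT_TTL_MS = 24 * 60 * 60 * 1000; // assumption: drafts expire after one day

// Key by user and page so a draft is only ever offered back to its author.
function draftKey(userId, pagePath) {
  return `draft:${userId}:${pagePath}`;
}

// Option 4: call when a save fails because the session has expired.
// localStorage is readable by any script on the origin, so store only
// the form fields, never credentials or tokens.
function saveDraft(storage, userId, pagePath, fields, now = Date.now()) {
  const record = JSON.stringify({ savedAt: now, fields });
  storage.setItem(draftKey(userId, pagePath), record);
}

// Call on page load after login. The draft is removed as soon as it is
// read, so it is either used or discarded and never lingers.
function takeDraft(storage, userId, pagePath, now = Date.now()) {
  const key = draftKey(userId, pagePath);
  const raw = storage.getItem(key);
  if (raw === null) return null;
  storage.removeItem(key);
  try {
    const draft = JSON.parse(raw);
    const fresh = typeof draft.savedAt === 'number' &&
      now - draft.savedAt <= DRAFT_TTL_MS;
    return fresh ? draft.fields : null;
  } catch {
    return null; // corrupted or tampered record: treat as no draft
  }
}

// Option 2: the "return to previous page" value is user-controlled, so
// accept it only if it resolves to a path on our own origin.
function safeReturnPath(candidate, origin, fallback = '/') {
  if (typeof candidate !== 'string' || !candidate.startsWith('/')) {
    return fallback;
  }
  try {
    const url = new URL(candidate, origin);
    if (url.origin !== origin) return fallback;
    return url.pathname + url.search + url.hash;
  } catch {
    return fallback;
  }
}
```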

Comment 1 Damian Jansen 2014-07-28 01:54:44 UTC
The user being kicked out of a webtrans session while editing is the most unpleasant of all these - this should be fixed (with the temp save or otherwise).

The other part is finding all the places/actions that require a logged in user and testing what happens when the session is invalidated.

Comment 2 Zanata Migrator 2015-07-31 01:46:57 UTC
Migrated; check JIRA for bug status: http://zanata.atlassian.net/browse/ZNTA-537