Session timeout, input lost.

[MeesvanStraten]

Describe the bug

When idle for example during adding projects or editing, a user can be logged out without extending their session or giving a warning. Thus all input is lost. It is not exactly known what the session timeout is but some research is required for this issue. Find a solution to warn the user or solve this problem. Research what common and best practices are and implement this fix.

To Reproduce

Steps to reproduce the behavior:

1. Log in and add or edit a project.
2. Remain idle for a certain time.
3. You are logged out and data you entered without saving is now lost.

Expected behavior

I believe that the current session timeout is 30 minutes, which is probably fine. Maybe we could save a project in the local storage of the browser so that when a user is logged back in we can restore the unfinished project from local storage. This way the user can start editing the project again and does not need to start over.

Maybe there are far better solutions, research potential solutions and implement.

View w3 documenation for guidelines.

[patrickdb]

Hi, I am the teacher who originally experienced this issue. Some extra clarification.

• A session timeout of 30 minutes is in my opinion too short. In my specific case I was interrupted from my work for some student questions, which took some time. After that was solved I had a lunch break ... the time taken was 2 hours, before I continued.
• It was not clear to me as a user, that i was logged out. I was in the middle of the wizard and wanted to continue with one of the last steps. I think in these steps some data is needed (tags), which cannot be loaded and there is a reply of a session time-out.

[waltersajtos]

Sounds like this is caused by the silent refresh not working properly, right @MeesvanStraten? I can't find any issue for it but it shouldn't be too hard to fix.

In the http interceptor add a check for 401 errors and check if the reason is an expired token. If it is, get a new token from the backend and save the new tokens. I think that if we do this instead of the unreliable i-frame implementation that we use now the page won't have to be reloaded.

[MeesvanStraten]

Thanks! Was already thinking about saving unfinished changes in local storage and restoring them after relogin. Maybe this all is not necessary with your suggestion. Will make sure to look into this or for the person picking this issue.