FrancisG-Massey / Capstone2016


Session timeouts on web #190

Closed FrancisG-Massey closed 7 years ago

FrancisG-Massey commented 7 years ago

Currently, if a user's session times out on the web app, the admin pages will not load (i.e. if you click on the "Admin" link, nothing happens).

The web app should try to catch the 403 response to any request, but should it then ask the user to log back in again? Or should it save their credentials and automatically log them back in again?

FrancisG-Massey commented 7 years ago

Personally, I think it makes more sense for the web app to ask the user to log back in again. If we're always going to save their credentials and log them back in automatically, what's the point of having timeouts at all?

From what I understand (and from my experience with the mobile app), sending them back to the login screen is likely to be much easier than trying to automatically renew their session as well.

MrMJLee commented 7 years ago

I agree, will implement that feature tomorrow.

sam-hunt commented 7 years ago

Yeah, this is the best way to do it. PC access differs from mobile, as people don't always keep them on their person. So it's more of a risk to automatically log them in again.
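
Added example, not part of the thread and not code from this repository: a JavaScript fetch wrapper that treats a 403 as an expired session and sends the user to the login page instead of replaying saved credentials. The names `LOGIN_PATH`, `safeReturnPath`, `loginRedirectFor`, `apiFetch` and the injected `env` object are assumptions made for illustration.

```javascript
// Hypothetical login route; the real app's path is not given in the thread.
const LOGIN_PATH = "/login";

// Accept only same-site relative paths as the post-login return target,
// so the "next" parameter cannot be abused as an open redirect.
function safeReturnPath(path) {
  if (typeof path !== "string") return "/";
  if (!path.startsWith("/") || path.startsWith("//") || path.includes("\\")) {
    return "/";
  }
  return path;
}

// The thread uses 403 as the session-expired signal; the same is assumed here.
// Returns the login URL to navigate to, or null when the response is usable.
function loginRedirectFor(status, currentPath) {
  if (status !== 403) return null;
  return LOGIN_PATH + "?next=" + encodeURIComponent(safeReturnPath(currentPath));
}

// Wrapper around fetch. `env` is injected so the logic runs in a browser or in Node:
//   env.fetch            - e.g. window.fetch.bind(window)
//   env.currentPath      - e.g. () => location.pathname + location.search
//   env.clearClientState - e.g. () => sessionStorage.clear()
//   env.navigate         - e.g. (url) => location.assign(url)
async function apiFetch(url, options, env) {
  const response = await env.fetch(url, { credentials: "same-origin", ...options });
  const target = loginRedirectFor(response.status, env.currentPath());
  if (target !== null) {
    // Drop cached user data. No password is kept client-side to replay,
    // so the idle timeout still forces a fresh login.
    env.clearClientState();
    env.navigate(target);
    throw new Error("session expired");
  }
  return response;
}
```

Because every request goes through one wrapper, the "Admin" link can no longer fail silently: an expired session always ends at the login page, and the user returns to the page they were on after signing in.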