🐛 Getting Force-logged out after 10 minutes of being logged in.

[MagikEh]

🐛 Bug

Getting force-logged out, 10 minutes after being successfully logged in to the applicant landing page.

🦋 Expected Behaviour

I expect to only be force-logged out after 10 minutes of $${\color{green}in \color{red}activity}$$ as is the industry standard/good practice.

🕵️ Details

It feels quite jarring given the deep-thought self-reflection nature of filling out fields when applying for a position to (without warning, see #8779) suddenly get kicked to a page saying

See you again :) get rekt nerd, your session expired * not a direct quote

ouch, my feels :C

--------------------------------------

• Windows 10 v22H2 (OS Build 19045.4780)
• Chrome 128.0.6613.86 (Official Build) (64-bit)
  • Javascript V8 12.8.374.21
  • Active Plugins: [Dark Reader, Ghostry, Auto Tab Discard, Honey]

📋 Steps to Reproduce

1. Log in via talent.canada.ca/en/login-info
2. Start a timer as soon as the landing page finishes loading.
3. Do anything or nothing for 10 minutes. Tested with all of:
   • Sitting on https://talent.canada.ca/en/applicant page (immediately after login), out of focus and not interacting
   • Sitting within job application's text entry box, continuously typing (If I don't hit the save button, all work is lost by the force-logout function, managed to hit ~600 words of ramble typing in 10 minutes!)
   • Clicking around a job application's different stages [Review your career timeline, Education requirements, Skill requirements] every 30s
4. Get logged out automatically!

📸 Screenshot

Image shows the dev tool's network timeline, starting at being successfully logged in, to being timed out (I sat on the landing page for the entire duration) and then to the logged-out landing page being fully loaded. (See the increments of 10,000ms goes all the way up to ~610,000ms (10 minutes) before the red[DOMContentLoaded]/blue[load] milestones of the 'logged out page' are passed.)

I have the HAR file available for analysis if required, just DM me and I'll ship it.

🙋‍♀️ Proposed Solution

if (user.not_active) {
  sleep 600
  get_rekt_n_logout()
}

✅ Acceptance Criteria

• [ ] Users can enter the site and click around undisturbed for periods of time greater than 10 minutes.
• [ ] Users can enter the site and interact with a modal/popup for periods of time greater than 10 minutes.
• [ ] Users can enter the site and after 10 minutes of "No Activity" being detected, then be force-logged out.
  • I'll leave it to y'all to determine what combination of the following is a good definition of "No Activity" from a user.
    • No onclick/button events triggered?
    • No page navigations triggered?
    • No keyboard input?
    • No mouse movement/scroll events fired? (ala screen-saver style)

[marc-donofrio]

Hello there! Thank you for submitting this issue. While we are investigating, can you send us the har file here: support-soutien@talent.canada.ca

[MagikEh]

Sent!

[gobyrne]

Thanks again for the report, this should be resolved now. Closing.