Open jd2rogers2 opened 2 years ago
Should we still do this for MVC? I think letting the cookie expire is standard. We would just need to handle what the user sees when they are no longer authorized. We can try recovering un-submitted forms from session storage.
after https://github.com/Nonprofit-Exchange-Hub/web-app/pull/91 we have a cookie that auto refreshes every 1hr instead we should: on login have a pair of radio buttons (both unselected as initial value)
option 1 will make the session reset at midnight, so user has to log back in the next day option 2 will never reset, so cookie persists indefinitely
we do this by passing a daterange/end time from the client to the BE /auth/login endpoint that daterange/end time is what we use as the expiration value for the cookie this cookie can otherwise stay the same as its current implementation (being passed to BE automatically as cookies do)
but with this, we want users whose cookies have expired to be able to log back in and keep any current form state they have going i'm thinking that we have a wrapper around
fetch
that maybe comes from a provider look at userProvider for example except inside this provider we'll have something like