Simon-Initiative / oli-torus

Next Generation OLI Authoring and Delivery Platform
https://proton.oli.cmu.edu
MIT License

Inactivity timeout for LTI user results in unusable login prompt: CMU-469 #2185

Closed halturner closed 1 month ago

halturner commented 2 years ago

I let my LTI authorization lapse. When I returned (about 45 minutes), and clicked "Course overview" and OLI Torus links, I was prompted to log in. I don't have that kind of account.

To Reproduce: Time out your access due to inactivity, then click in the Torus environment.

Expected behavior: Two possibilities, together.

Environment (please complete the following information): Not relevant, I think

ThinkThoughtThunk commented 2 years ago

Essentially, when logging in through an LTI connection and then timing out, the delivery system prompts you to log in through Torus (where you don't have an account since you came in through LTI). So you have to go back to the LTI launcher and make a new connection to get back into the course.

ThinkThoughtThunk commented 2 years ago

It's not clear what the right way to handle this is. POW persistent session might have a way to handle this (automatically refresh sessions, or longer timeout for LTI connections).

ThinkThoughtThunk commented 2 years ago

Simplest solution (or at least short term fix) is probably to just extend the timeout from 45 minutes to something more reasonable (a day, a week, etc). However, students who no longer have access to a course should be force-logged out. E.g. if a student is unenrolled.
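The approach suggested in the last comment, as an added example that is not oli-torus or Pow code: a per-request session check that gives LTI sessions a longer idle timeout but re-checks enrollment every time, so the longer lifetime never outlives course access. All names, the one-day value, the `relaunch_from_lms` outcome and the enrollment data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Callable, Optional, Tuple

LOCAL_IDLE_TTL = 45 * 60        # the 45-minute timeout mentioned in the thread
LTI_IDLE_TTL = 24 * 60 * 60     # "a day", one of the longer values suggested

@dataclass(frozen=True)
class Session:                  # hypothetical session record
    user_id: str
    section_id: str
    via_lti: bool               # True when the session came from an LTI launch
    last_seen: float            # epoch seconds of the last request

# Constructed sample enrollment data: (user_id, section_id) pairs.
ENROLLED = {("alice", "chem101"), ("bob", "chem101")}

def is_enrolled(user_id: str, section_id: str) -> bool:
    return (user_id, section_id) in ENROLLED

def check_session(
    session: Session,
    now: float,
    enrolled: Callable[[str, str], bool] = is_enrolled,
) -> Tuple[str, Optional[Session]]:
    """Return (decision, refreshed_session_or_None).

    Decisions: "allow", "revoked", "login_form", "relaunch_from_lms".
    """
    # Authorization is checked first and on every request, so an
    # unenrolled student is logged out regardless of how long the TTL is.
    if not enrolled(session.user_id, session.section_id):
        return "revoked", None

    ttl = LTI_IDLE_TTL if session.via_lti else LOCAL_IDLE_TTL
    if now - session.last_seen > ttl:
        # An LTI user has no local Torus account, so a login form is
        # unusable; send them back to the LTI launcher instead.
        return ("relaunch_from_lms" if session.via_lti else "login_form"), None

    # Sliding expiry: activity renews the idle window.
    return "allow", replace(session, last_seen=now)
```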