UltimateModuleCreator
commented
7 years ago @maderlock I'm going to do more than that. I'm going to make it so the session does not expire while on the module create/edit screen. Does that sound right?
Closed maderlock closed 7 years ago
UltimateModuleCreator
commented
7 years ago @maderlock I'm going to do more than that. I'm going to make it so the session does not expire while on the module create/edit screen. Does that sound right?
maderlock
commented
7 years ago Practically, great. Does it open a security risk? If the page is left open then the user will be left logged in indefinitely? Another possible approach would be to use ajax calls when there is interaction on the client-side to keep the session renewed.
UltimateModuleCreator
commented
7 years ago @maderlock Yes, if you leave the add/edit page open (and only that one) you will be logged in until the end of time. Maybe I will make this configurable in order to pass responsibility to the user. But this extension should not be used on a live environment so the risk is not that big.
UltimateModuleCreator
commented
7 years ago @maderlock I've added a session prolonging script that works only when in add/edit mode of a module. This can be disabled from the stores->configuration section if needed. I consider this solved in version 2.0.0-beta1.
It is a common problem with this module to do a lot of work creating entities and setting relationships between them before the first submission, at which point the session has expired and all your work is lost.
I suggest placing a warning at the top of the creation page if the admin session is shorter than three minutes or some other arbitrary threshold.