Closed johnkm516 closed 1 week ago
As a workaround we have extended the validity interval of both cookie/JWT token to several hours instead of the default 1 hour using the Micronaut Security guide.
Just this week we opened an internal issue to refresh the cookie automatically (1h will be kept if not online, but refresh if online before the 1h) pretty much exactly as you suggested :) we'll take it as a high-priority item, thx for flagging
internal notes/extra context:
currently, the session cookie has a limited duration (configuration is possible, but the default is very low, on the cloud it's set to 1h). We should auto-refresh the cookie when the user is still online before the expiration.
Describe the issue
Kestra currently times out the user based on a fixed interval (token expiry) instead of silently refreshing the token when the user is active. The user may be in the middle of editing a flow when the user token expires, which blocks the user from saving when pressing the "Save" button, and then ultimately kicks the user out into the login page without saving, which causes the user to lose all the work they've done since they last saved with a valid token.
There needs to be some sort of silent refreshing of tokens periodically when the user is active in the editor or otherwise browsing the dashboard.
Proposed solution:
I think this is a bit of a critical issue, I've lost work multiple times due to this, and because of this bug I'm forced to save more often than I'd like which creates a lot of revisions that I don't want.
Environment