When a user is inactive for a set amount of time, they will require re-authorization.
This re-authorization works in the form of a pop-up window that requests the user's username and password. This mechanism works well when the user is still active, but the session expires on the server side. The users would be able to re-enter their authorization information and continue their session.
The negative effect of this system appears when a user steps away from the terminal and their session times out. If there is sensitive customer information on the page and the session times out, some of this information may still be visible behind the authorization pop-up.
There should be an additional check so that, if the browser window has no activity for the set amount of time, Omni redirects the user to the login page, clearing where they were.
Some things to consider:
Public pages such as the payment portal should not redirect users to the login window, no matter what.
All that is required is to make sure the reauth modal doesn't stop the inactivity counter from executing the redirect. The above is already how it functions in most cases.
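The check requested above, as an added example that is not Omni's own code: an idle counter that the re-auth modal cannot pause, that skips public pages, and that clears the page before redirecting. The `/login` and `/pay` paths, the 15-minute timeout and every function name are assumptions.

```javascript
// Added example. createIdleGuard, PUBLIC_PREFIXES, "/login" and "/pay" are
// assumed names, not Omni's real identifiers.
const PUBLIC_PREFIXES = ["/pay"]; // assumed path of the public payment portal

function isPublicPath(path) {
  return PUBLIC_PREFIXES.some((p) => path === p || path.startsWith(p + "/"));
}

function createIdleGuard({ timeoutMs, path, now, clearPage, redirect }) {
  let lastActivity = now();
  let modalOpen = false;
  let done = false;
  return {
    // Call on real user input (mouse, keyboard, touch).
    activity() { lastActivity = now(); },
    // Server-side session expiry opens the re-auth modal. This deliberately
    // does NOT touch lastActivity: the modal must not stall the idle counter.
    openReauthModal() { modalOpen = true; },
    closeReauthModal() { modalOpen = false; },
    // Call periodically; returns the state or the action taken.
    check() {
      if (done) return "redirected";
      if (isPublicPath(path)) return "public"; // never redirect public pages
      if (now() - lastActivity < timeoutMs) return modalOpen ? "modal" : "active";
      done = true;
      clearPage();        // drop sensitive content before navigating away
      redirect("/login"); // no return-to parameter: the prior location is cleared
      return "redirected";
    },
  };
}

// Browser wiring, skipped when run outside a browser.
if (typeof window !== "undefined") {
  const guard = createIdleGuard({
    timeoutMs: 15 * 60 * 1000, // constructed value; use the configured timeout
    path: window.location.pathname,
    now: () => Date.now(),
    clearPage: () => document.body.replaceChildren(),
    redirect: (url) => window.location.replace(url),
  });
  ["mousemove", "keydown", "click", "touchstart"].forEach((evt) =>
    window.addEventListener(evt, () => guard.activity(), { passive: true }));
  setInterval(() => guard.check(), 1000);
}
```

Keystrokes typed into the modal still count as activity, so a user who is present can re-enter credentials and continue, while an unattended page is cleared and redirected.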