Logging out in 'history.php'

[Pofilo]

When we are in history.php, there is no way to disconnect nor to go to password.php again. Plus, the function countdown() of password.php doesn't apply in history.php so we are not automatically disconnected due to inactivity in history.php.

[zeruniverse]

But history.php doesn't contain important stuffs. I don't know if this makes sense...

On Sun, Jul 16, 2017 at 1:42 AM Pofilo notifications@github.com wrote:

When we are in history.php, there is no way to disconnect nor to go to password.php again. Plus, the function countdown() of password.php doesn't apply in history.php so we are not automatically disconnected due to inactivity in history.php.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/zeruniverse/Password-Manager/issues/176, or mute the thread https://github.com/notifications/unsubscribe-auth/AEbvNMn4A4hmKkdFJf_f7RXB4k1xBSbIks5sOc0SgaJpZM4OZPNi .

[Pofilo]

It only becomes a security issue if the user forgets to log out and remains on this page.

However, I do agree, it's not a major problem, just wanted to share it to know if we can consider it at something to solve or not.

[zeruniverse]

Ok maybe we can add a script letting history.php close itself automatically.

On Sun, Jul 16, 2017 at 2:15 AM Pofilo notifications@github.com wrote:

It only becomes a security issue if the user forgets to log out and remains on this page.

However, I do agree, it's not a major problem, just wanted to share it to know if we can consider it at something to solve or not.

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/zeruniverse/Password-Manager/issues/176#issuecomment-315596169, or mute the thread https://github.com/notifications/unsubscribe-auth/AEbvNBxbdBalIbQynIXkEKnY8WbVFGJzks5sOdSegaJpZM4OZPNi .

[BenjaminHae]

Shouldn't the session get invalidated by the server automatically?

This means the history will still be visible, but reopening the manager is impossible. The history could/should be considered confidential though so changing this behavior is something we should think about.

[zeruniverse]

Yes. The session will be invalid. But as long as you don't refresh the history page, it will remain there.

On Sun, Jul 16, 2017 at 2:49 AM Benjamin Häublein notifications@github.com wrote:

Shouldn't the session get invalidated by the server automatically?

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/zeruniverse/Password-Manager/issues/176#issuecomment-315598192, or mute the thread https://github.com/notifications/unsubscribe-auth/AEbvNPbYQGZeIrhAHdV7xZCDBZzYxiv8ks5sOdykgaJpZM4OZPNi .

[BenjaminHae]

As I consider the history at least partially confidential we should consider this. To reduce duplicated implementations of such timeouts I would suggest embedding the history into the main window as a modal which displays the history.

This is really easy as history.php is just using ajax to display the information already.

[zeruniverse]

Yes. I'll do it when I have time

On Sun, Jul 16, 2017 at 2:55 AM Benjamin Häublein notifications@github.com wrote:

As I consider the history at least partially confidential we should consider this. To reduce duplicated implementations of such timeouts I would suggest embedding the history into the main window as a modal which displays the history.

This is really easy as history.php is just using ajax to display the information already.

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/zeruniverse/Password-Manager/issues/176#issuecomment-315598517, or mute the thread https://github.com/notifications/unsubscribe-auth/AEbvNOBbWQaCYq-iFJowprJM52FW50mSks5sOd4XgaJpZM4OZPNi .

[BenjaminHae]

@zeruniverse what do you think about migrating to angularJS? I've experimented a bit with it and I think there are a lot of things that get really easy and a lot more readable than they are now. If you think that's a viable option you could wait changing this until we do it during the transition.

[zeruniverse]

Never used angularJS before… Will take a look

On Sun, Jul 16, 2017 at 10:53 AM Benjamin Häublein notifications@github.com wrote:

@zeruniverse https://github.com/zeruniverse what do you think about migrating to angularJS? I've experimented a bit with it and I think there are a lot of things that get really easy and a lot more readable than they are now. If you think that's a viable option you could wait changing this until we do it during the transition.

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/zeruniverse/Password-Manager/issues/176#issuecomment-315625377, or mute the thread https://github.com/notifications/unsubscribe-auth/AEbvNEiSryWjjcOyCOxcLGTq3jJXl1IPks5sOk4vgaJpZM4OZPNi .

[BenjaminHae]

Here's a quick and very rough implementation for the history page. Not fully functional but you can see the important changes.

[zeruniverse]

Thanks!

On Sun, Jul 16, 2017 at 11:11 AM Benjamin Häublein notifications@github.com wrote:

Here's a quick and very rough implementation for the history page https://github.com/BenjaminHae/Password-Manager/tree/angular. Not fully functional but you can see the important changes.

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/zeruniverse/Password-Manager/issues/176#issuecomment-315626507, or mute the thread https://github.com/notifications/unsubscribe-auth/AEbvNB6-jif3tayWrTIV-nZNMQi8Uzb3ks5sOlJmgaJpZM4OZPNi .