We have moved to GitHub Issues
Created by Andy Butland 28 Sep 2013, 20:54:05 Updated by Shannon Deminick 21 Oct 2013, 03:40:23
Relates to: U4-2786
If your back-office session times out, there's no indication - just a spinner. Clicking the "U" in the left hand navigation still brings up the user name and log out button. Only by a full refresh of the page do you get the login page again.
What we're doing is tracking the remaining minutes for the user - this is part of the UserDetail initial load. Then for each authenticated request in the back office we check for the user's ticket, determine their remaining timeout and add that as a custom response header. Then our injector in Js detects that and updates the user's remaining seconds = awesome. Since we are also counting down the seconds in JS we will always have a good indication of session expiry without any real overhead. Next, we'll make a call specifically to get the remaining seconds when the user hasn't made any requests for a bit - just to keep it as accurate as possible. Finally we'll show the login dialog when the user's session expires (or is about to expire).
Didn't the log me out in previous versions get hosed as so annoying? Wondering why it's been added back in as the default?
there's always been a session timeout in umbraco and it's controlled by the setting: umbracoTimeOutInMinutes in the web.config. By default this is 20 minutes and it is a sliding timeout so on each request that is authenticated we'll renew the auth ticket. If you are idle for this time then the login dialog is displayed. Of course you can change this timeout to whatever large number you like.
Type: Usability Problem
Assignee: Shannon Deminick
Backwards Compatible: True
Affected versions: 7.0.0
Due in version: 7.0.0