/
Intellectual session expiration handling (Front-End)

Intellectual session expiration handling (Front-End)

Owned by Alex
Apr 08, 2013

Sessions does expire. Default expiration period in In-Portal is 1 hour. This means, that user wasn't doing anything on a website for 1 hour while being logged-in he is automatically logged-out. Gladly in this case user is kept on same page he was visiting before.

Some side effects still apply:

  1. if page was login-protected, then user is redirected to login page, but I'm not sure if performing a login on that page would in fact return user to same page he was viewing before session expiration happened
  2. in any case whatever user was entering on a page is lost due redirect to one or another page
  3. no message about session expiration is displayed to user, that's why he might feel confused about sudden redirect or data loss

Here are some ideas on how to solve this:

  • have system-wide drafting functionality
    • in same database table record can be live/draft
    • same record can have different draft for every user
    • if user open add/edit page of record, for which draft exists, the he is presented with extra option to restore/discard draft (also sees "other N users are editing this page" message if appropriate)
    • all draft saving happens automatically (via ajax)
    • if user's draft save date is older, then actual record last update date, then show extra warning
    • define set of record fields, that goes into draft (e.g. text fields, but not IDs or something similar)
    • don't show draft records when viewing record list anywhere (Admin/Front-End)
    • since drafts are saved automatically, then it's very like that all actual form data would be saved before session expiration happens
    • draft save requests (or any ajax made requests in fact) should not prolong session expiration time
    • once draft was restored it is deleted
  • if session expires, then show a dedicated message to user on a form he was working at (don't know how to determine exact form in case if page have many of them); maybe general overlay banner on top would suffice
  • when user gets to the page he was on before expiration (in any possible way), then show him draft availability with restore possibilities


P.S.

Same behavior can't be easily replicated for Admin Console due frame/modal window/temp table usage. And I think, that administrators must be clever enough to save their work progress and don't let session expiration hit them.

Anyway adding a "Session Expires After: N minutes" (live timer) message somewhere in top frame can be pretty useful for them.