馃悶 Control Panel "There is a problem with your session" page #4572
Labels
bug
Something isn't working
Comments
michaeljcollinsuk
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug.
When a user logs in to the Control Panel, their session length is 1 hour. When this expires, they are redirected to a page that states there is a problem with their session, with a link to "reset your session":
To Reproduce
Expected Behaviour
This information is not accurate - there is no "problem" with the session, it has simply expired. Therefore as a minmum, the text on this page should be updated to more accurately reflect the issue e.g. "Your session has expired, please click here to log back in".
However, now that the MFA requirement was disabled in #4557 we may have the opportunity to now implement a session refresh mechanism, so that we log the user back in programatically, removing the need for the redirect. We should be able to limit this "session refresh" for to a set time period (e.g. 12 hours) before we then redirect the user, and prompt them to manually log back in.
Additional context
Some further reading:
https://auth0.com/docs/secure/tokens/refresh-tokens
https://auth0.com/blog/balance-user-experience-and-security-to-retain-customers/
The text was updated successfully, but these errors were encountered: