Task #97059
Updated by Markus Klein over 2 years ago
The re-login popup dialog has conceptual drawbacks, and I opt for removing it as its usefulness has been decreased in the past years. The re-login works as this: An AJAX request is done every 60 seconds. If the session timeout is less than 60 seconds, then than a popup is shown to re-enter their credentials to stay logged in. This is useful when writing longer texts and unsaved changes should be kept. However, the following issues exist: * When using an external login provider (OAuth, SSO, OpenID connect) is used, the re-login concept does not work (that's why there is a global ! option to disable the popup) * When working with multiple tabs, and the editor jumps back to the tab when the session timeout is over, the new session does not keep the existing values either * Custom login providers cannot be used in conjunction with this dialog * The AJAX polling of 60 seconds is rather a bummer, as we should rather use "push" functionality when the login is about to expire * Various places in TYPO3 Backend code try to allow such "AJAX polling" calls and build up the form without any useful rendering of such a dialog In the past years, we also mitigated this issue by setting the session lifetime of backend users from 2h to 8h (= 1 workday) so editors should not see this dialog that often anymore.