Task #97059

Updated by Markus Klein about 2 years ago

The re-login popup dialog has conceptual drawbacks, and I opt for removing it as its usefulness has decreased in the past years. 

 The re-login works like this: An AJAX request is done every 60 seconds. If the session timeout is less than 60 seconds, then a popup is shown to re-enter their credentials to stay logged in. This is useful when writing longer texts and unsaved changes should be kept. 

 However, the following issues exist: 
 * When an external login provider (OAuth, SSO, OpenID Connect) is used, the re-login concept does not work (that's why there is a global ! option to disable the popup) 
 * When working with multiple tabs, and the editor jumps back to the tab when the session timeout is over, the new session does not keep the existing values either 
 * Custom login providers cannot be used in conjunction with this dialog 
 * The AJAX polling of 60 seconds is rather a bummer, as we should rather use "push" functionality when the login is about to expire 
 * Various places in TYPO3 Backend code try to allow such "AJAX polling" calls and build up the form without any useful rendering of such a dialog 

 In the past years, we also mitigated this issue by setting the session lifetime of backend users from 2h to 8h (= 1 workday) so editors should not see this dialog that often anymore.
