You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jspwiki.apache.org by "Janne Jalkanen (JIRA)" <ji...@apache.org> on 2009/07/24 23:36:14 UTC

[jira] Created: (JSPWIKI-579) Recreating Sessions

Recreating Sessions
-------------------

                 Key: JSPWIKI-579
                 URL: https://issues.apache.org/jira/browse/JSPWIKI-579
             Project: JSPWiki
          Issue Type: Improvement
    Affects Versions: 2.8.2
            Reporter: Janne Jalkanen


People have displayed annoyance at the way our current session expiry works: If you start editing a page, and the editing takes too long, the session may expire, and you are served a very cryptic page describing how to log into JSPWiki, or told something about Session expiration, which, of course, tells really nothing to the user.

Since this causes a dataloss of your edits, we should really try very hard to restart the Session. Obviously, this is not possible if user credentials have expired, but if the wiki is open to all, or CookieAuthenticationLoginModule is in use, then restarting the Session should be possible.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Re: [jira] Created: (JSPWIKI-579) Recreating Sessions

Posted by Murray Altheim <mu...@altheim.com>.

Janne Jalkanen (JIRA) wrote:
> Recreating Sessions
> -------------------
> 
>                  Key: JSPWIKI-579
>                  URL: https://issues.apache.org/jira/browse/JSPWIKI-579
>              Project: JSPWiki
>           Issue Type: Improvement
>     Affects Versions: 2.8.2
>             Reporter: Janne Jalkanen
> 
> 
> People have displayed annoyance at the way our current session
> expiry works: If you start editing a page, and the editing takes 
> too long, the session may expire, and you are served a very 
> cryptic page describing how to log into JSPWiki, or told something
> about Session expiration, which, of course, tells really nothing
> to the user.
> 
> Since this causes a dataloss of your edits, we should really try
> very hard to restart the Session. Obviously, this is not possible
> if user credentials have expired, but if the wiki is open to all,
> or CookieAuthenticationLoginModule is in use, then restarting
> the Session should be possible.

I agree that this can cause frustration and data loss, but in our
installations the simple solution was simply to set the timeout
to a full work day, i.e., 8 hours.  The side effects of this seem
to be minimal if any.

That's certainly sub-optimal but a simpler solution than trying to
recreate a session, which might have security implications. I do
agree that the current error message is not helpful and usually
confusing to users.

Murray

...........................................................................
Murray Altheim <murray09 at altheim dot com>                       ===  = =
http://www.altheim.com/murray/                                     = =  ===
SGML Grease Monkey, Banjo Player, Wantanabe Zen Monk               = =  = =

       Boundless wind and moon - the eye within eyes,
       Inexhaustible heaven and earth - the light beyond light,
       The willow dark, the flower bright - ten thousand houses,
       Knock at any door - there's one who will respond.
                                       -- The Blue Cliff Record