Closed Bug 1109199 Opened 10 years ago Closed 9 years ago

Silent log out while editing new a page loses all your work

Categories

(developer.mozilla.org Graveyard :: Editing, defect)

Product:
developer.mozilla.org Graveyard
Component:
Editing
Platform:
All
Other
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: sheppy, Unassigned)

References

Details

(Whiteboard: [specification][type:bug])

What did you do? ================ 1. Navigated to a non-existent page to begin writing content. 2. Wrote a good bit of text. 3. Clicked Save. What happened? ============== At some point while I was working, my login was dropped. When I clicked the save button, I was presented with a "You have to login to do that" page. After logging in, I was returned to the "New page" editor, with my content lost. What should have happened? ========================== Editor content needs to be retained across a login request, or login drops have to stop happening. The former is probably easier to deal with, but I don't know. At any rate, the key thing is that writers should never lose work due to a login drop. Is there anything else we should know? ======================================
:groovecoder, Sheppy says that the session drop issues are less frequent (presumably since we upgraded to django-allauth), but they are still happening. Any idea what's going on?
Severity: normal → major
Component: General → Editing
Flags: needinfo?(lcrouch)
Sounds like something the draft editor should fix? When you get back to the "New page" editor, do you not have the ability to "Restore draft"? We expire session IDs as a security measure [1]. How often are these login drops happening? Hourly vs. daily vs. weekly? The django-allauth default SESSION_COOKIE_AGE is 3 weeks. IIRC the sessions are also associated with certain user agents, which means switching between browser versions will also expire the session. So, need more information about how the session is being dropped to see if there's a bug. [1] https://en.wikipedia.org/wiki/Session_fixation#Time-out_old_SIDs
Flags: needinfo?(lcrouch) → needinfo?(eshepherd)
(In reply to Luke Crouch [:groovecoder] from comment #2) > Sounds like something the draft editor should fix? When you get back to the > "New page" editor, do you not have the ability to "Restore draft"? > > We expire session IDs as a security measure [1]. How often are these login > drops happening? Hourly vs. daily vs. weekly? The django-allauth default > SESSION_COOKIE_AGE is 3 weeks. IIRC the sessions are also associated with > certain user agents, which means switching between browser versions will > also expire the session. So, need more information about how the session is > being dropped to see if there's a bug. > > [1] https://en.wikipedia.org/wiki/Session_fixation#Time-out_old_SIDs Not for new pages; the draft saving feature doesn't seem to work for them. I've not been able to detect a pattern to when the login sessions drop. But they shouldn't be allowed to while you're in the middle of an edit (at least not if you're actively using it).
Flags: needinfo?(eshepherd)
Depends on: 1114649
Depends on: 1114650
So I filed a couple of bugs under this one: * Add/fix draft-saving feature on "New Page" (bug 1114649) * Investigate & fix session expirations (bug 1114650)
Summary: Loss of login during new page edit loses all your work → Silent log out while editing a page loses all your work
Summary: Silent log out while editing a page loses all your work → Silent log out while editing new a page loses all your work
Possibly fixed by Bug 1268609 which should be in production later this week. After that's in production the next step with this is to determine if this is still a problem.
The draft is now retained and can be recovered after the user logs back in.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.