Contao: Prevent dataloss due Session expires while working editmode

Created on 24 Jan 2019 · 2Comments · Source: contao/contao

The scenario is from one of my customers. They had worked on an Newsarticle for about 2 hours, within these time the session expired. After they hit the save button they ended up with the login screen, after login the changes where gone.

Step to reproduce:

Set in system/config/localconfig.php the Value for $GLOBALS['TL_CONFIG']['sessionTimeout'] to 30 Seconds (for test case only)
Open an Artikel, an keep editing for 30 seconds, and save your Work
Loginscreen will appear, which is quite ok, but the post data should be saved in the new Session
Login with your Credentials
You will end up on the Article (maybe with a referer warining)
You will see that the changes are gone (changes should be applied)

Problem could be solved in differend Ways:

Store the post data in the new Session and apply it after successfull login
Sending a xhr heartbeat when you are in an editmode, for keep the session open.
Show an Notification to the user (Modal, Popup or somesthing like that) when the session is about to expire.

feature help wanted

Source

biwerr

Most helpful comment

As discussed in Mumble on March 7th, we could implement an XHR heartbeat in a first step. In the long run, we could store the changes in the local storage of the browser on submit, so we can restore them in case the session has expired or the server throws an error 500.

leofeyer on 7 Mar 2019

👍3

All 2 comments

Imho a combination of the first 2 approaches would be ideal.

A heartbeat is the most convenient solution as it prevents logout, but it fails when network connection is interrupted for a long enough time (wifi outage, device going to sleep, ...). In that case the first approach would serve as a fallback.