Timeout Dialog: allow users to set a different URL for timeouts than manual sign outs #93
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Can one of the admins verify this patch? |
|
|
||
| - issue where internal header where font wasn't being set | ||
| - `hmrcTimeoutDialog` Allow users to set a different URL for timeouts than manual sign outs |
There was a problem hiding this comment.
This seems to be replacing the previous release rather than adding a new one, can you
## [Unreleased]
## [1.16.0] - 2020-09-10
### Changed
- `hmrcTimeoutDialog` Allow users to set a different URL for timeouts than manual sign outs
## [1.15.3] - 2020-08-14
### Fixed
- issue where internal header where font wasn't being set
There was a problem hiding this comment.
Oops! Should be fixed now.
timsb
requested changes
Sep 11, 2020
timsb
previously approved these changes
Sep 11, 2020
timsb
approved these changes
Sep 11, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi,
This pull request will allow users of the Timeout Dialog to set different url to redirect to on timeout than the URL for clicking the delete data / sign out link.
It should be none breaking, as if you don't set a timeout-url it will default to the sign-out-url, retaining the original functionality.
Use case
Session timeouts are handled internally in our framework, so if you request a page after your session is timed out you are redirected to
/session-timeoutwith a referrer querystring containing the URL of the page you requested (we use this in GA to see which pages people time out on).Using this component I have to redirect to a
/end-sessionURL to clear the session to makes the link work, but I lose the benefit of the querystring on the session timeout page. This is because it will also redirect to/end-session, then redirect to session-timeout with/end-sessionas the referrer.Another issue is that since both the timeout and link will focibly kill the session, if the session is being refreshed in a separate tab, the fogotten tab will eventually timeout and kill a session for a user that wouldn't have otherwise reached it's expiry time.
However, if I set the timeout URL to redirect to the page it's on the session timeout middleware will kick in showing a timeout page with the approrpriate referrer URL and if the session is being maintained in another tab the page will just refresh every 30 minutes and not kill an active session. The sign out link however can continue to point to a URL that will forcibly end the session.