New input lost when session expires or No _CSRFToken exist
I first approached this topic back in 2020 but it seems to have fallen through the cracks.
I know it’s good practice to automatically expire login sessions after 30 minutes or so, and it’s also a good practice to save changes often.
But a number of times my clients (and I) have written text directly into a text box, or made other changes to a section, and have been so caught up in the moment, or distracted before saving our work, that our sessions have timed out, or we’re told that a "Security Error: No _CSRFToken exists in session. Try reloading or going back to previous page". After an attempt to comply, the information is lost forever and we have to go back to square 1.
So, my question is:
Is optional autosave for the current open page a possibility?
Any other thoughts are welcome.
Thanks and stay safe,
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php
Yea, we can give some thought to that. The problem is servers are sometimes configured to clear cookies before PHP does, so we can lose the login session at any time.
That part of the code is due for a rewrite, might have to be it's own version release. Here are some thoughts and ideas I have about that:
- We could check if the user is still logged in before submitting the form. We'd need to figure out what to do if they're not then, such as a popup login form or something else.
- I could write a debug plugin to test how long servers actually let us keep cookies for, this is something that would be useful to know so CMSB doesn't set the timeout to a greater value
- We could look at caching form input before submission either client-side or server-side.
One workaround for this issue is to open another tab, login in that tab, and then refresh the original page. But I think the _CSRFToken error happens when the server deletes the session/cookie before CMSB does.
I'll give it some thought. Let me know if you have any other input or ideas.