Details
-
Bug
-
Resolution: Unresolved
-
Minor
-
COmanage Registry 5.0.0 (Pupal Eclosion)
-
None
Description
If a session times out but a user has a page open in their browser and clicks a link that opens in a lightbox, the user gets an error because the IdP login page cannot be loaded in an iframe (and would be a poor UX even if it were).
This can be reproduced by
- Opening any Person canvas. (Or any page with links that open in a lightbox.)
- Waiting for the sessions to time out (both the PHP session and the IdP session), or (to speed things up) deleting the session cookies.
- Clicking the Person's name in the Attributes section.
See attached screenshot. Note this can't be reproduced using Basic Auth, since Basic Auth operates differently. This requires an external IdP reached via HTTP redirects to reproduce.
This is low priority because there are a number of mitigations: the user can reload the underlying page, in many cases the browser will decide to "free up" the underlying page within the session timeouts and so restoring the tab will force a new login, etc; however this is likely to happen just often enough to be a regular (if infrequent) source of confusion.
Attachments
Issue Links
- is subtask of
-
CFM-450 Lightbox User Experience Reviews
-
- To Do
-