Logout when inactive #133

Merged
merged 9 commits into from
Nov 6, 2020

Conversation

@jasalisbury jasalisbury commented Nov 5, 2020

Description of change
The idle modal shows after 25 minutes of inactivity. After 30 minutes of inactivity the user is logged out of the TTA smart hub. If the user becomes active while the modal is displayed it is hidden and the counters are reset.

Currently when the modal is shown the message says how long the user has until logout when the modal was first shown. I see two ways to improve the user experience:

  1. We have a running countdown that updates until the user is logged out (e.g. T-minus 1 minute 2 seconds until logout)
  2. We display the actual time at which the user is logged out (e.g. 10:55 am)

How to test

I've set sandbox to show the logout modal at 1 minute of inactivity and to logout users after an additional minute (2 minutes total). I'll need to remember to update the environment variables to 25 minutes (modal) and 30 minutes (logout) before merging.

  1. Browse to sandbox https://tta-smarthub-sandbox.app.cloud.gov/
  2. Login
  3. Become inactive for a minute, note the modal
  4. Wait an additional minute to get logged out

Notes

  • We cannot set frontend environment variables per environment since they have to be set at build time. We will need to figure out how to do so soon. I can see us wanting to set feature flags for one environment but not another.
  • I added a timeout to the session cookie sent from the server. The timeout is currently set at 30 minutes. This timeout is updated every time the user hits the server. There is a potential issue if a user is active on a page but not making API calls for 30 minutes. In that case the user's session will expire but they won't get explicitly logged out on the frontend. If this happens the next call to the API will give a 401, which we will need to handle. I gave some thought to having a 'heartbeat' API endpoint that gets hit periodically, but things get complicated when combined with the inactivity timeout. Let me know if you have any ideas!
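The 25/30-minute client-side timer from the description and the sliding 30-minute session cookie from the second note, modelled together as an added JavaScript example (this is not code from the TTA smart hub repository). The class and function names (IdleTracker, SlidingSession, idleTimeline, simulateActiveWithoutApiCalls) are this example's own, the clock is passed in as a number so the run completes instantly, and the scenario function reproduces the gap the note describes: a user who stays active on the page without making API calls for 30 minutes.

```javascript
// Added example, not code from the TTA smart hub repository.
// Timings are the production values from the PR description; the class and
// function names below are this example's own.

const MINUTE_MS = 60 * 1000;
const WARN_MS = 25 * MINUTE_MS;    // idle modal appears
const LOGOUT_MS = 30 * MINUTE_MS;  // frontend logs the user out
const SESSION_MS = 30 * MINUTE_MS; // server session cookie maxAge (sliding)

// Client side: tracks the last user activity and reports the UI state.
// Any activity hides the modal and resets both counters, because both are
// derived from the same lastActivity timestamp.
class IdleTracker {
  constructor(now, warnMs = WARN_MS, logoutMs = LOGOUT_MS) {
    this.warnMs = warnMs;
    this.logoutMs = logoutMs;
    this.lastActivity = now;
  }
  // Called on any user input (mouse, keyboard, touch).
  activity(now) {
    this.lastActivity = now;
  }
  state(now) {
    const idle = now - this.lastActivity;
    if (idle >= this.logoutMs) return 'logged_out';
    if (idle >= this.warnMs) return 'warning'; // modal is showing
    return 'active';
  }
  // Option 1 from the description: a running countdown, in whole seconds.
  secondsUntilLogout(now) {
    return Math.max(0, Math.ceil((this.lastActivity + this.logoutMs - now) / 1000));
  }
  // Option 2 from the description: the absolute time at which logout happens.
  logoutAt() {
    return this.lastActivity + this.logoutMs;
  }
}

// Server side: a sliding session. Every authenticated request extends the
// expiry by maxAge; a request after expiry is answered with 401.
class SlidingSession {
  constructor(now, maxAgeMs = SESSION_MS) {
    this.maxAgeMs = maxAgeMs;
    this.expiresAt = now + maxAgeMs;
  }
  handleRequest(now) {
    if (now >= this.expiresAt) return 401;
    this.expiresAt = now + this.maxAgeMs; // refreshed cookie
    return 200;
  }
}

// One idle period, a reset while the modal is showing, then a second idle
// period that ends in logout.
function idleTimeline() {
  const t = new IdleTracker(0);
  const out = [];
  out.push(t.state(24 * MINUTE_MS));              // 'active'
  out.push(t.state(25 * MINUTE_MS));              // 'warning'
  out.push(t.secondsUntilLogout(25 * MINUTE_MS)); // 300
  t.activity(26 * MINUTE_MS);                     // user moves the mouse
  out.push(t.state(26 * MINUTE_MS));              // 'active' again
  out.push(t.state(55 * MINUTE_MS + 59 * 1000));  // 'warning' (29m59s idle)
  out.push(t.state(56 * MINUTE_MS));              // 'logged_out' (30m idle)
  return out;
}

// The gap from the notes: the user keeps interacting with the page every
// `activityEveryMinutes`, so the client timer never fires, but no API call is
// made for `minutesWithoutApi`. Returns what each side concludes at the end.
function simulateActiveWithoutApiCalls(minutesWithoutApi, activityEveryMinutes = 1) {
  let now = 0;
  const tracker = new IdleTracker(now);
  const session = new SlidingSession(now);
  session.handleRequest(now); // initial page load hits the API
  const end = minutesWithoutApi * MINUTE_MS;
  const step = activityEveryMinutes * MINUTE_MS;
  for (now = step; now <= end; now += step) {
    tracker.activity(now); // typing/scrolling only, no requests
  }
  now = end;
  // Client still says 'active'; server answers 401 once 30 minutes have
  // passed since the last request, which the frontend must treat as logout.
  return { clientState: tracker.state(now), apiStatus: session.handleRequest(now) };
}

console.log(idleTimeline());
console.log(simulateActiveWithoutApiCalls(30)); // { clientState: 'active', apiStatus: 401 }
console.log(simulateActiveWithoutApiCalls(29)); // { clientState: 'active', apiStatus: 200 }
```

The scenario output is the mismatch the note warns about: with a 30-minute sliding cookie and a client timer that only watches input events, the two can disagree, so the frontend needs to treat a 401 from any API call as a forced logout rather than relying on the idle timer alone.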

Issue(s)

Checklist

  • Meets issue criteria
  • Code tested
  • Meets accessibility standards (WCAG 2.1 Levels A, AA)
  • [n/a] Documentation updated

The idle modal shows after 25 minutes of inactivity. After 30 minutes of
inactivity the user is logged out of the TTA smart hub. If the user
becomes active while the modal is displayed it is hidden and the 25 and
30 minute count is reset.

Currently when the modal is shown the message says how long the user has
until logout when the modal was first shown. I see two ways to improve
the user experience:

 1. We have a running countdown that updates until the user is logged out
 2. We display the actual time at which the user is logged out (e.g. 10:55 am)
@jasalisbury jasalisbury requested a review from rahearn November 5, 2020 16:54
@rahearn rahearn left a comment

Great work! I'd like to see the accessibility change before merging this in.

Also, can we set the timeout via a CircleCI variable? I don't want a 2 minute timeout in staging/prod, but maybe it's a decent workaround to have one set of flags for staging/production and one for dev/sandbox, at least until something more involved is needed and can be developed.

Resolved review threads on:

  • src/app.js
  • frontend/src/components/IdleModal.js (two threads)
When inactive the modal that asks the user to continue their session now
includes a screen reader only instruction to reduce confusion
Add screen reader instructions for continuing session
@rahearn rahearn merged commit 991f2cf into HHS:main Nov 6, 2020
rahearn pushed a commit that referenced this pull request Feb 3, 2021