On 401/403, refresh logged-in state and don't imply in the UI that the request worked #2813
Labels
No Label
backend
critical
defect
duplicate
enhancement
fixed
frontend
general
invalid
major
minor
normal
oxjs
pandora_client
python-ox
task
trivial
wontfix
worksforme
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: 0x2620/pandora#2813
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
For whatever reason, a user's Pandora login cookie (I guess?) expired. Until they refreshed the page, they were still shown as logged in.
Whenever they tried to add an annotation, they saw the "Sorry, you have made an unauthorized request." dialog. But when they dismissed the dialog, the annotation was still shown in the editor, so they assumed that the error could be ignored and the annotation had still been saved, and kept working, dismissing the dialog every time. Hours later, after they refreshed the page, I had to break the bad news that all their changes had not been saved.
Obviously, users blindly dismissing dialogs is bad, but there are some things Pandora could do better:
addAnnotation
/editAnnotation
/etc. fails, roll back the annotation bin accordingly, so it doesn't look like the change was saved successfully. I guess it would be a pretty invasive change to not just send all errors to the global'error'
event…agreed, pandora has to do a better job with expired sessions.
right now you can also increase the default session timeout.
add
to /srv/pandora/pandora/local_settings.py
current default value is 60 days (602460*60)