It appears we may need to adjust the session duration for various smoothness apps such as BTM and DTM. At first glance it appears users are leaving apps open for shifts-at-a-time and then confused when their authentication state is expired. Part of the confusion appears to be that we don't currently have a keep-alive or polling check on the web page - it just has the login state from the last time it made a request to the server, which can apparently be hours out-of-date and mislead the user to think they're still logged in.
Note: this may require adjusting Keycloak session expiration as well? The Wildfly session and Keycloak session are related, but independent. Might lose Keycloak SSO session, but maintain app session, that might minimize risk?
Note: bank websites often take the approach where a timer is started / re-set on the client after each request/response from the server. This way the client knows when the session expires and updates the state on the page to avoid misleading users. It sometimes prompts with a "want to stay logged in?" and a countdown.
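One way to implement the client-side expiry timer described in the last note, as an added example that is not part of the original issue or the project's code. The names `SessionExpiryTracker` and `createTick`, the 30-minute timeout and the 2-minute warning window are assumptions; the values must match the real server-side session settings.

```javascript
// Added example: the page mirrors the server's idle timeout instead of
// trusting whatever login state it saw on its last request.
class SessionExpiryTracker {
  constructor({ timeoutMs, warnMs, now = () => Date.now() }) {
    if (warnMs >= timeoutMs) throw new RangeError("warnMs must be < timeoutMs");
    this.timeoutMs = timeoutMs; // assumed to equal the server's idle timeout
    this.warnMs = warnMs;       // how long before expiry the prompt appears
    this.now = now;             // injectable clock so the logic is testable
    this.expiresAt = null;      // no session confirmed by the server yet
  }

  // Call after every response from the server. `authenticated` is what the
  // server reported for that response, never a value cached on the client.
  onServerResponse(authenticated) {
    this.expiresAt = authenticated ? this.now() + this.timeoutMs : null;
  }

  msRemaining() {
    return this.expiresAt === null ? 0 : Math.max(0, this.expiresAt - this.now());
  }

  // "active" | "warning" | "expired"; an unconfirmed session counts as expired.
  state() {
    const left = this.msRemaining();
    if (left === 0) return "expired";
    return left <= this.warnMs ? "warning" : "active";
  }
}

// Returns a function to run once a second. `render(state, secondsLeft)` is the
// page's own UI hook (hypothetical): show the countdown prompt on "warning",
// switch the page to a logged-out view on "expired".
function createTick(tracker, render) {
  let last = null;
  return function tick() {
    const s = tracker.state();
    // Re-render on every tick while warning so the countdown advances.
    if (s !== last || s === "warning") render(s, Math.ceil(tracker.msRemaining() / 1000));
    last = s;
    return s;
  };
}

// In the page (values are assumptions):
// const tracker = new SessionExpiryTracker({ timeoutMs: 30 * 60e3, warnMs: 2 * 60e3 });
// setInterval(createTick(tracker, updateBanner), 1000);
```

The timer only keeps the displayed state honest; the server still enforces expiry. A "stay logged in" button has to make a real authenticated request and feed its response to `onServerResponse`, rather than resetting the timer locally.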