Edit screens expire

[chmac]

Steps to reproduce:
1) Open an edit post (or page) screen
2) Take your browser offline for 24 hours
3) Put the browser back online
4) Edit the post, type a lengthy, thoughtful, dramatic entry
5) Click save draft / publish as you prefer

Expected result: Your poetic prose is committed to infallible digital memory.

Actual result: You're told "Your attempt to edit blah has failed." Press the back button and likely see the previous version of your post. Your latest prose exists now only in your memory.

Technical details: I think the nonce expires, so the post screen becomes invalid after a while.

Proposed solution: Add a javascript timeout to warn the user that the edit screen has expired. Provide a mechanism for the nonce to be updated.

[mrmist]

Expected result: Your poetic prose is committed to infallible digital memory.

For me, after leaving the session for that long, I would expect it to have died. It also seems to be something of a contrived exercise.

So I'm -1 for allowing the nonce to be renewed, that is contrary to the essence of the nonces.

However I agree that it could be worthwhile to have some warning, though. Think that comes under the heading of enhancement, rather than bug.

[hakre]

Replying to chmac:

Provide a mechanism for the nonce to be updated.

That is the Solution I loved most.

How about: Make the Backend working Offline thanks to Google Gears?

[Denis-de-Bernardy]

I like the idea, personally. We'd go: hourly check the nonce and renew it as we do, or something like that. But totally needs patch.

[dd32]

Do the 3.6 Autosave / Heartbeat changes cover this?

[nacin]

Not entirely. We refresh nonces but heartbeat still requires a valid nonce to do so. (We discussed this wasn't necessary, as it's no different hitting post.php than it is admin-ajax.php.) So you get a new nonce for 12-24 hours, but not if you haven't been around for a full two nonce ticks.

[SergeyBiryukov]

#24447 has more traction.