Make WordPress Core

Opened 15 years ago

Closed 10 years ago

#9604 closed enhancement (duplicate)

Edit screens expire

Reported by: chmac's profile chmac Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.8
Component: Administration Keywords: needs-patch
Focuses: Cc:


Steps to reproduce:
1) Open an edit post (or page) screen
2) Take your browser offline for 24 hours
3) Put the browser back online
4) Edit the post, type a lengthy, thoughtful, dramatic entry
5) Click save draft / publish as you prefer

Expected result: Your poetic prose is committed to infallible digital memory.

Actual result: You're told "Your attempt to edit blah has failed." Press the back button and likely see the previous version of your post. Your latest prose exists now only in your memory.

Technical details: I think the nonce expires, so the post screen becomes invalid after a while.

Proposed solution: Add a javascript timeout to warn the user that the edit screen has expired. Provide a mechanism for the nonce to be updated.

Change History (6)

#1 @mrmist
15 years ago

  • Keywords needs-patch added
  • Milestone changed from Unassigned to 2.9
  • Type changed from defect (bug) to enhancement
  • Version set to 2.8

Expected result: Your poetic prose is committed to infallible digital memory.

For me, after leaving the session for that long, I would expect it to have died. It also seems to be something of a contrived exercise.

So I'm -1 for allowing the nonce to be renewed, that is contrary to the essence of the nonces.

However I agree that it could be worthwhile to have some warning, though. Think that comes under the heading of enhancement, rather than bug.

#2 in reply to: ↑ description @hakre
15 years ago

Replying to chmac:

Provide a mechanism for the nonce to be updated.

That is the Solution I loved most.

How about: Make the Backend working Offline thanks to Google Gears?

#3 @Denis-de-Bernardy
15 years ago

  • Milestone changed from 2.9 to Future Release

I like the idea, personally. We'd go: hourly check the nonce and renew it as we do, or something like that. But totally needs patch.

#4 @dd32
11 years ago

Do the 3.6 Autosave / Heartbeat changes cover this?

#5 @nacin
11 years ago

Not entirely. We refresh nonces but heartbeat still requires a valid nonce to do so. (We discussed this wasn't necessary, as it's no different hitting post.php than it is admin-ajax.php.) So you get a new nonce for 12-24 hours, but not if you haven't been around for a full two nonce ticks.

#6 @SergeyBiryukov
10 years ago

  • Milestone Future Release deleted
  • Resolution set to duplicate
  • Status changed from new to closed

#24447 has more traction.

Note: See TracTickets for help on using tickets.