Opened 14 years ago
Closed 9 years ago
#9604 closed enhancement (duplicate)
Edit screens expire
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 2.8 |
Component: | Administration | Keywords: | needs-patch |
Focuses: | Cc: |
Description
Steps to reproduce:
1) Open an edit post (or page) screen
2) Take your browser offline for 24 hours
3) Put the browser back online
4) Edit the post, type a lengthy, thoughtful, dramatic entry
5) Click save draft / publish as you prefer
Expected result: Your poetic prose is committed to infallible digital memory.
Actual result: You're told "Your attempt to edit blah has failed." Press the back button and likely see the previous version of your post. Your latest prose exists now only in your memory.
Technical details: I think the nonce expires, so the post screen becomes invalid after a while.
Proposed solution: Add a javascript timeout to warn the user that the edit screen has expired. Provide a mechanism for the nonce to be updated.
Change History (6)
#1
@
14 years ago
- Keywords needs-patch added
- Milestone changed from Unassigned to 2.9
- Type changed from defect (bug) to enhancement
- Version set to 2.8
#2
in reply to:
↑ description
@
14 years ago
Replying to chmac:
Provide a mechanism for the nonce to be updated.
That is the Solution I loved most.
How about: Make the Backend working Offline thanks to Google Gears?
#3
@
14 years ago
- Milestone changed from 2.9 to Future Release
I like the idea, personally. We'd go: hourly check the nonce and renew it as we do, or something like that. But totally needs patch.
#5
@
10 years ago
Not entirely. We refresh nonces but heartbeat still requires a valid nonce to do so. (We discussed this wasn't necessary, as it's no different hitting post.php than it is admin-ajax.php.) So you get a new nonce for 12-24 hours, but not if you haven't been around for a full two nonce ticks.
For me, after leaving the session for that long, I would expect it to have died. It also seems to be something of a contrived exercise.
So I'm -1 for allowing the nonce to be renewed, that is contrary to the essence of the nonces.
However I agree that it could be worthwhile to have some warning, though. Think that comes under the heading of enhancement, rather than bug.