Azure-Samples/active-directory-dotnet-webapp-openidconnect

What is the expected behavior for posting a form with an expired session

Closed this issue · 2 comments

In this example application, what is the expected behavior when you have a view that shows the user a form and that user's auth token expires before they submit the form?

I know that the OWIN middleware handles refreshing the auth token in the background, but will the form still post after the auth token is refreshed, or will it result in an HTTP GET on the view that has the form (thus losing the form values and having to start over)?

Steps

  1. Navigate to a view that has a form
  2. Fill out the form but do not submit the form
  3. Wait one hour for the auth token to expire
  4. Submit the form (notice the auth token refresh take place in the address bar of your browser)
  5. Observe the outcome. Did the form actually submit or did the view get refreshed with no values in the input fields, thus losing the data and requiring the user to start over?

The article "Controlling a Web App’s session duration" discusses this problem and suggests a solution.