Session expiration could be handled better
Opened this issue · 4 comments
Having to go to shiori page and re-login is pretty inconvenient, at least redirect there automatically, give a login popup or give ability to save credentials to re-login automatically
Agreed. Here are the issues i'm seeing on Firefox:
- Session timeout is too short, and hard to predict. I'm not sure why i get logged out of my single-user, self-hosted shiori instance available only on my LAN. I'd be fine with a session that never times out, but there is no option for that.
- Getting a new session for the add-on in requires going to the add-on's page then "preferences" then "log-in". Best case, that's 4 clicks. If i have to log back in to get a new session, i should at least be able to do it without going into the weeds of the add-on settings.
- The add-on doesn't tell you if your session is expired until you try to use it.
- Any tags entered when trying to save a page while the session is expired are lost, which is just frustrating.
Hey @axelsimon, thanks for the detailed issues you found. My main focus right now is on the new API, which I hope it solve some of the server related issues you're experiencing at the moment: go-shiori/shiori#497. Main change that extension will benefit from is the use of JWTs for sessions, which are not stored in memory, meaning that at least a server restart won't "expire" them and that expiration would be either configurable or unlimited, depending on the circumstances.
I didn't answer back in March, but good to hear. And congrats, I see go-shiori/shiori#497 is now done :)
Does this mean this might see some progress?
I didn't answer back in March, but good to hear. And congrats, I see go-shiori/shiori#497 is now done :)
Does this mean this might see some progress?
Yes, JWT sessions are landing in v1.6.0 (next release), once that's released we need to release a new version of the plugin too.