web-app icon indicating copy to clipboard operation
web-app copied to clipboard

Published 20 hours ago verified publisher icon openMF

Session never closes - never logs out if un-attended to

Open francisguchie opened this issue 4 years ago • 11 comments

Goal:

As a user I want to see my web-app session closing. Being a banking software, the user interface should log the user out if they leave the interface un-attended / logged in without activity i.e.

francisguchie avatar Dec 04 '20 20:12 francisguchie

@karantakalkar Can I work on this?

BLasan avatar Jan 06 '21 03:01 BLasan

How ? tell me your approach first, we had a session manager back in community app.

karantakalkar avatar Jan 06 '21 07:01 karantakalkar

@karantakalkar We could use ng-idle for this. Btw, should we display a modal after the predefined period of inactivity, warning the user that he will be logged out soon due to inactivity or should we directly log him out?.

The warning would be helpful if the user is actually around and wants to continue his session, for which he could move his mouse or press a key, doing that would make the message disapper else he will be logged out when the message times out. If we do decide to have the message then I think ng-toast would be a good option as it would look good with our ui and is easy to use and integrate for our use case and could be used for other purposes in other components.

What do you think?. Would like to work on this.

ksraj123 avatar Jan 06 '21 14:01 ksraj123

@ksraj123 Banking softwares should not display reminders. What if it is an eves dropper who is around table and he gets the chance to extend the session to do some damage to the bank.

I suggest we log the user out directly

francisguchie avatar Jan 06 '21 15:01 francisguchie

@francisguchie sounds reasonable, it's probably better not to have the warning, should I start implementing this feature?.

ksraj123 avatar Jan 06 '21 15:01 ksraj123

@karantakalkar What about angular-user-idle ? If @ksraj123 's idea is good then we may let him to start fixing

BLasan avatar Jan 06 '21 15:01 BLasan

@karantakalkar What about angular-user-idle ? If @ksraj123 's idea is good then we may let him to start fixing

angular user idle won't work. It's below angular 9. 9 brought ivy compiler.

Abhirup-99 avatar Jan 06 '21 15:01 Abhirup-99

We prefer not to use third party libraries unless it is an absolute necessity.

karantakalkar avatar Jan 06 '21 15:01 karantakalkar

@karantakalkar then we could add event listeners on the document level to listen for move movement, clicks or keypress. When they do then they will reset a timer function. If the timer is not reset in within the predefined interval of inactivity then the user will be logged out. What do you think?.

ksraj123 avatar Jan 06 '21 15:01 ksraj123

Fine. but still look around the internet for session management in angular 6+ for better ways of doing it and also check out community app implementation. Also see the code of above mentioned libraries to understand their basic function.

karantakalkar avatar Jan 06 '21 15:01 karantakalkar

@karantakalkar sure, on it. Thanks

ksraj123 avatar Jan 07 '21 17:01 ksraj123