
Provide a friendly message if one gets an Invalid authenticity token, when signed in.

Open awwaiid opened this issue 2 years ago • 6 comments

Summary

If a user's session expires and they are trying to access the system, provide a friendly message (instead of the blank screen they are currently getting).

Why fix

Always nice to reduce user-facing nasty errors, or at least mitigate them.

Details

This comes from us getting a fair number of invalid authenticity tokens with accompanying user information. Per the note below, we believe it is a case of expired sessions.

If the user session has expired when the user is attempting to access the system, we would like them to get a friendly message asking them to log in again.

Notes

  • Looking at Bugsnag, in the last 30 days this has happened on users/sessions#create and distributions#create.
  • We hypothesize that these are both screens that remain open or bookmarked, or something similar.
  • We were able to invalidate the token by deleting the hidden field in the HTML and deleting the cookie.

Criteria for completion

  • [ ] If a user tries to access the system with an expired session, they get a friendly message indicating the need to log in
  • [ ] If a user tries to create a distribution with an expired session, they get a friendly message indicating they need to log in (maybe with a redirect)
  • [ ] Automated test for this

awwaiid avatar Aug 20 '23 15:08 awwaiid

Hi, I would like to take it.

manuel1280 avatar Aug 22 '23 20:08 manuel1280

@awwaiid I haven't managed to replicate the error locally. When I try either deleting the auth token in the HTML, dropping the cache, or changing the expiration time in Devise with config.timeout_in = 10.seconds, the application correctly redirects to login with the message "Your session expired. Please sign in again to continue."

Can you give the full Bugsnag error message to look into it more deeply, please?

manuel1280 avatar Aug 26 '23 20:08 manuel1280
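As an added illustration (not code from the human-essentials project) of why deleting the session cookie or the hidden field invalidates the token, as the issue notes describe, and of the friendly handling the criteria ask for: a plain-Ruby model of Rails' masked authenticity-token check, with the failed check turned into a redirect to sign-in. The sign-in path is an assumption; the notice text is the one quoted in the thread.

```ruby
require "securerandom"
require "base64"
# Simplified model of Rails' masked authenticity token (added example, not
# the app's code): the real token lives in the session; each form embeds
# pad || (pad XOR real). Expire the session or delete the cookie and the
# form's token has nothing to match, which surfaces as InvalidAuthenticityToken.
TOKEN_LENGTH = 32

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Constant-time comparison so a mismatch position cannot be timed.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Real token: created once per session and kept there (like session[:_csrf_token]).
def real_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(TOKEN_LENGTH)
end

# Masked token: what the hidden authenticity_token field in a form carries.
def masked_token(session)
  real = Base64.strict_decode64(real_token(session))
  pad  = SecureRandom.random_bytes(TOKEN_LENGTH)
  Base64.strict_encode64(pad + xor_bytes(pad, real))
end

# Verification: unmask the submitted value and compare with the session copy.
def valid_token?(session, submitted)
  return false unless session[:_csrf_token] && submitted.is_a?(String)
  decoded = Base64.strict_decode64(submitted)
  return false unless decoded.bytesize == 2 * TOKEN_LENGTH
  pad, masked = decoded[0, TOKEN_LENGTH], decoded[TOKEN_LENGTH, TOKEN_LENGTH]
  secure_equal?(xor_bytes(pad, masked), Base64.strict_decode64(session[:_csrf_token]))
rescue ArgumentError # submitted value was not valid base64
  false
end

SIGN_IN_PATH = "/users/sign_in" # assumed Devise default, not taken from the issue
# Friendly handling: a failed check on a stale session becomes a redirect to
# sign-in with a notice instead of a blank error page.
def handle_request(session, submitted_token)
  return { status: 200 } if valid_token?(session, submitted_token)
  session.clear
  { status: 302, location: SIGN_IN_PATH,
    flash: "Your session expired. Please sign in again to continue." }
end
```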

This issue is marked as stale due to no activity within 30 days. If no further activity is detected within 7 days, it will be unassigned.

github-actions[bot] avatar Sep 26 '23 00:09 github-actions[bot]

Automatically unassigned after 7 days of inactivity.

github-actions[bot] avatar Oct 03 '23 00:10 github-actions[bot]

@awwaiid - +1 on @manuel1280's comment above. After the session has expired, I can see the user routed back to the sign-in page with the message:

(Screenshot attached: Screenshot 2023-12-02 at 9 31 51 PM)

Did you observe something different?

kiranbpatil avatar Dec 03 '23 05:12 kiranbpatil

@kiranbpatil Yes, I see that message.

manuel1280 avatar Dec 03 '23 18:12 manuel1280