feat(session): preserve intended URL across session timeout and add expiry warning dialog

When a session expires, the user's current URL is now captured and restored
after re-authentication (via remember-me cookie or manual login), instead of
always redirecting to the dashboard. A JavaScript session warning dialog
appears ~2 minutes before idle timeout, allowing users to extend their session
with a single click. Includes open-redirect prevention via URL validation,
Microsoft SSO callback support, and 33 unit tests.

Refs: SESSION-REDIRECT-PRESERVE-001

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-03-13 14:28:49 +01:00
parent a3045fa95e
commit 04995e3712
18 changed files with 1333 additions and 7 deletions

View File

@@ -1300,5 +1300,9 @@
"Access and profile sync": "Zugriff und Profilabgleich",
"Profile sync": "Profilabgleich",
"App credentials (advanced)": "App-Anmeldedaten (Erweitert)",
"Remember token lifetime is invalid": "Token-Lebensdauer ist ungültig"
"Remember token lifetime is invalid": "Token-Lebensdauer ist ungültig",
"Session expiring": "Sitzung läuft ab",
"Your session will expire in {countdown}. Would you like to continue?": "Ihre Sitzung läuft in {countdown} ab. Möchten Sie fortfahren?",
"Extend session": "Sitzung verlängern",
"Log out": "Abmelden"
}

View File

@@ -1300,5 +1300,9 @@
"Access and profile sync": "Access and profile sync",
"Profile sync": "Profile sync",
"App credentials (advanced)": "App credentials (advanced)",
"Remember token lifetime is invalid": "Remember token lifetime is invalid"
"Remember token lifetime is invalid": "Remember token lifetime is invalid",
"Session expiring": "Session expiring",
"Your session will expire in {countdown}. Would you like to continue?": "Your session will expire in {countdown}. Would you like to continue?",
"Extend session": "Extend session",
"Log out": "Log out"
}