feat(session): preserve intended URL across session timeout and add expiry warning dialog
When a session expires, the user's current URL is now captured and restored after re-authentication (via remember-me cookie or manual login), instead of always redirecting to the dashboard. A JavaScript session warning dialog appears ~2 minutes before idle timeout, allowing users to extend their session with a single click. Includes open-redirect prevention via URL validation, Microsoft SSO callback support, and 33 unit tests. Refs: SESSION-REDIRECT-PRESERVE-001 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -8,6 +8,7 @@ use MintyPHP\Http\ApiSystemAuditReporter;
|
||||
use MintyPHP\Http\CookieStore;
|
||||
use MintyPHP\Http\CookieStoreInterface;
|
||||
use MintyPHP\Http\Input\RequestInputFactory;
|
||||
use MintyPHP\Http\IntendedUrlService;
|
||||
use MintyPHP\Http\RequestRuntime;
|
||||
use MintyPHP\Http\RequestRuntimeInterface;
|
||||
use MintyPHP\Http\SessionStore;
|
||||
@@ -82,6 +83,7 @@ final class AppServicesRegistrar implements ContainerRegistrar
|
||||
$c->get(UserReadRepository::class)
|
||||
));
|
||||
$container->set(GridUserCountEnricher::class, static fn (): GridUserCountEnricher => new GridUserCountEnricher());
|
||||
$container->set(IntendedUrlService::class, static fn (): IntendedUrlService => new IntendedUrlService());
|
||||
$container->set(RequestInputFactory::class, static fn (): RequestInputFactory => new RequestInputFactory());
|
||||
$container->set(SessionStore::class, static fn (): SessionStore => new SessionStore());
|
||||
$container->set(SessionStoreInterface::class, static fn (AppContainer $c): SessionStoreInterface => $c->get(SessionStore::class));
|
||||
|
||||
Reference in New Issue
Block a user