feat(session): preserve intended URL across session timeout and add expiry warning dialog
When a session expires, the user's current URL is now captured and restored after re-authentication (via remember-me cookie or manual login), instead of always redirecting to the dashboard. A JavaScript session warning dialog appears ~2 minutes before idle timeout, allowing users to extend their session with a single click. Includes open-redirect prevention via URL validation, Microsoft SSO callback support, and 33 unit tests. Refs: SESSION-REDIRECT-PRESERVE-001 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
21
templates/partials/app-session-warning-dialog.phtml
Normal file
21
templates/partials/app-session-warning-dialog.phtml
Normal file
@@ -0,0 +1,21 @@
|
||||
<dialog
|
||||
data-app-session-warning-dialog
|
||||
aria-labelledby="app-session-warning-title"
|
||||
aria-describedby="app-session-warning-message"
|
||||
aria-live="assertive"
|
||||
>
|
||||
<article class="app-session-warning-dialog">
|
||||
<header>
|
||||
<h2 id="app-session-warning-title"><?php e(t('Session expiring')); ?></h2>
|
||||
</header>
|
||||
<p
|
||||
id="app-session-warning-message"
|
||||
data-session-warning-message
|
||||
data-template="<?php e(t('Your session will expire in {countdown}. Would you like to continue?')); ?>"
|
||||
></p>
|
||||
<footer>
|
||||
<button type="button" class="secondary outline" data-session-warning-logout><?php e(t('Log out')); ?></button>
|
||||
<button type="button" class="primary" data-session-warning-extend><?php e(t('Extend session')); ?></button>
|
||||
</footer>
|
||||
</article>
|
||||
</dialog>
|
||||
Reference in New Issue
Block a user