When a session expires, the user's current URL is now captured and restored after re-authentication (via remember-me cookie or manual login), instead of always redirecting to the dashboard. A JavaScript session warning dialog appears ~2 minutes before idle timeout, allowing users to extend their session with a single click. Includes open-redirect prevention via URL validation, Microsoft SSO callback support, and 33 unit tests. Refs: SESSION-REDIRECT-PRESERVE-001 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
22 lines
799 B
PHTML
22 lines
799 B
PHTML
<dialog
|
|
data-app-session-warning-dialog
|
|
aria-labelledby="app-session-warning-title"
|
|
aria-describedby="app-session-warning-message"
|
|
aria-live="assertive"
|
|
>
|
|
<article class="app-session-warning-dialog">
|
|
<header>
|
|
<h2 id="app-session-warning-title"><?php e(t('Session expiring')); ?></h2>
|
|
</header>
|
|
<p
|
|
id="app-session-warning-message"
|
|
data-session-warning-message
|
|
data-template="<?php e(t('Your session will expire in {countdown}. Would you like to continue?')); ?>"
|
|
></p>
|
|
<footer>
|
|
<button type="button" class="secondary outline" data-session-warning-logout><?php e(t('Log out')); ?></button>
|
|
<button type="button" class="primary" data-session-warning-extend><?php e(t('Extend session')); ?></button>
|
|
</footer>
|
|
</article>
|
|
</dialog>
|