MCR-3849 Fix session timeout #2719
Conversation
- inherit from base Modal - create SessionTimeoutModal as own component - simplify styles - removing V2 naming from UnlockResubmitModal
- add to package.json - remove session timeout custom timekeeping, props from AuthContext - add IdleTimer to AuthenticatedRouteWrapper - start to add tests
…incompatible values
haworku
force-pushed
the
MCR-3849-sessiontimeout
branch
from
372144f
to
57b658c
Compare
haworku
requested review from
JasonLin0991,
macrael,
mojotalantikite and
pearl-truss
|
@haworku for "logout and continue work across tabs", is this the desired behavior? When I logged out of one tab I was still able to do work in another tab |
|
@pearl-truss No, that's the buggy behavior that we want to test for and hopefully we don't see it. Can you send me the replication steps you used and which user in the review app you were using (toph currently has shorter session duration) |
I was using aang.
|
|
@pearl-truss TY for finding this! I added to acceptance testing script under a new section called basic login and logout. FYI from discussion in standup today, looks like this one is an existing bug not a new regression, and not in scope for this ticket. The bug shouldn't block this PR going through. However, I will still look into solving it also on this branch in case I can fix now, will ping you if I do so. If you see any other issues, please raise them – this manual testing is very helpful. |
| // s3 file upload failing could be due to IDM session timeout | ||
| // double check the user still has their session, if not, logout to update the React state with their login status | ||
| try { | ||
| await checkAuth() |
There was a problem hiding this comment.
why does checkAuth throw instead of return an error?
| const [countdownSeconds, setCountdownSeconds]= useState(idleTimer.getRemainingTime() / 1000) | ||
|
|
||
| const handleLogoutSession = async () => { | ||
| idleTimer.message({action:'LOGOUT_SESSION'}, true) |
There was a problem hiding this comment.
could these actions be constants?
| } | ||
| } | ||
| throw Error('Cognito SignIn error') |
There was a problem hiding this comment.
It looks like we used to return errors when it was an error we understood and only threw when it was something truly unexpected. I don't love turning this into something that always throws. Honestly I think since writing this we've moved towards just returning un-understood errors as well
There was a problem hiding this comment.
Yes agreed I can do that
There was a problem hiding this comment.
@macrael Actually looking more at this code - all of cognitoAuth throws for errors. The oddity was returning both Errors and throwing and thats why I moved it to throw to unify it and unify that interface on the frontend. What do you want to do here? Shall I make a ticket to refactor cognitoAuth?
Shall I just change this one still?
There was a problem hiding this comment.
If it's not going to change having to do try/catch in our pages then I don't care if you fix this one or not, but I would like to have a ticket tracking moving this to returning errors instead. My goal is that inside any of our pages/components we never have to call try/catch because anything that can throw has been wrapped up as a dependency
There was a problem hiding this comment.
Ended up rewriting cognitoAuth anyway - but there are other files that have the same issue that I left alone. Looks like we already have a ticket to address this issue - I updated it to also include adding more eslint rules.
|
@haworku on the review app as soon as I signed in I got a session timeout modal. ETA But I was using toph...let me try with someone else |
|
@haworku nevermind my other comment! Everything looks good if this is okay: I put my computer to sleep and when I came back to MC-Review the session timeout modal had counted down to 0:00 but stayed on the page without automatically signing me out. 
|
|
@pearl-truss Thanks for catching this. It really should be logging out, I see handling in the library for this too. However, I also see open issues about what happens when computer sleep when For now I added handling to modal itself to disable continue and only allow logout in cases where the countdown finishes but for some reason it does not close and logout. What do you think? |
Summary
Address issues with session timeout and re-implement with IdleTimer .
Issues addressed include:
Still in progress
AuthenticatedRouteWrappertests for idle timer behaviorsRelated issues
https://jiraent.cms.gov/browse/MCR-3849
Screenshots
Test cases covered
Session Timeout acceptance jam document forthcoming
QA guidance
Please re-test the steps from this comment in Jira.
And also pick a couple of these acceptance jam cases to retest. Keep in mind the timeout for toph in review apps is set to 2min to make things go faster so you won't have to wait as long to verify things.