New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Need a pattern for Session Timeout #498

Closed
serenamarie125 opened this Issue Nov 22, 2017 · 6 comments

Comments

Projects
None yet
4 participants
@serenamarie125
Member

serenamarie125 commented Nov 22, 2017

Would like a new design pattern to describe a situation when the session is about to expire, and they will be logged out.

The Use Case is that there has been no activity in a certain amount of time, and that the system will log out, unless the user decides to continue the session.

We had some conversation around this with designs, and came up with the following suggested design:
screen shot 2017-11-22 at 10 25 14 am

If the user does not continue the session, and are logged out, we should present the Login Screen with an inline notification (warning) stating "You have been logged out due to inactivity"

@mcarrano mcarrano added this to New / Needs Info in PatternFly Contributions Nov 30, 2017

@mcarrano mcarrano moved this from New / Needs Info to Accepted-ToDo/Backlog in PatternFly Contributions Nov 30, 2017

@mcarrano

This comment has been minimized.

Member

mcarrano commented Feb 12, 2018

@yih-wang Thanks for being willing to take this on. Please just let us know when you have something to review.

@mcarrano mcarrano moved this from Accepted-ToDo/Backlog to Discovery & Concept Design in PatternFly Contributions Feb 12, 2018

@mcarrano mcarrano removed the Help Wanted label Feb 12, 2018

@yih-wang

This comment has been minimized.

Contributor

yih-wang commented Feb 13, 2018

@serenamarie125 I'll take this task and here's some questions.

  1. Does the inline notification (warning) only occur when the user ignore the modal and the system automatically jump to the login page? If the user click on the "Log Out" button and then jump to the login page, there won't be an inline notification, right?

  2. Do you think the modal need a title like "Session Expiration Alert" or something?

  3. I think we can make a recommendation to the "XXX seconds" and the products can adjust it if need be. What's your thoughts?

@mcarrano

This comment has been minimized.

Member

mcarrano commented Feb 14, 2018

@yih-wang Your proposal here looks good to me: https://docs.google.com/document/d/19CC14Ne-JdxO2GPZtwcCT091Ma-6CoKEXAce2GKHRrA/edit?usp=sharing

@serenamarie125 can you take a look and see if this is what you expected? Also see @yih-wang 's questions above. @kybaker would also like you to take a look. We don't have a standard modal alert form (we probably should) so wasn't sure about the use of the large warning icon.

@mcarrano mcarrano moved this from Discovery & Concept Design to Preliminary Review in PatternFly Contributions Feb 22, 2018

@zhutaoredhat zhutaoredhat self-assigned this Feb 23, 2018

@serenamarie125

This comment has been minimized.

Member

serenamarie125 commented Feb 24, 2018

@yih-wang I left a bunch of comments in the doc ... but re: your questions above
#1 - correct, if they click on Log Out, do NOT show inline notification
#2 - I think Session Expiration Warning" makes more sense
#3 - I would suggest 60 seconds for the count down

Should we also offer a suggestion for the period of inactivity before getting logged out?

@zhutaoredhat

This comment has been minimized.

Contributor

zhutaoredhat commented Feb 28, 2018

Hi @serenamarie125 @yih-wang has taken intern leave for a month, I will continue this issue.
Offer a suggestion for the period of inactivity will be better.

Different site with the length of a session business. Here are some example:
1.JIRA Session timeout - 5 hours (300mins)
2.Jira Cloud's session timeout is 4 hours, but it also relies on the user's browser session.If the browser session stays open, the instance session timeout doesn't go into effect.
3.Google Urchin WebAnalytics - By default, visitor sessions timeout after 30 minutes of inactivity.
A very great article about Session and campaign timeout handling:

Session Timeout Suggestion
Sessions end after a specific amount of time passes. By default, sessions end after 30 minutes of inactivity. You can change the settings of session end after the specified amount of time has passed.
The length of a session depends on your site and business. If your website have a lot of content and expect users to take a long time engaging with that content, lengthen the session time. Sessions would better not greater than four hours.
https://docs.google.com/document/d/19CC14Ne-JdxO2GPZtwcCT091Ma-6CoKEXAce2GKHRrA/edit?usp=sharing

Do you think these suggestions make sense?

I had pulled a PR for this task: #582

@zhutaoredhat

This comment has been minimized.

Contributor

zhutaoredhat commented Mar 2, 2018

Hi @serenamarie125 @mcarrano I have added a suggestion about Session Timeout, could you help me have a review. The content is in the comment above. Thank you~

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment