NT5 Login page and session timeout (NT6 maybe too)

[alex.kolaric]

Hi,

after very long time I found out one potential bug in NT5 (maybe it exists in NT6 too but I don't have it so I can't check it). I will illustrate it on BasicWithLogin (3) example app. When I start web server and go to 127.0.0.1:88, main page opens, Then I click on Login option and login form appears. DEMO and DEMO for user id and pwd are logging ok. However if I sit on the login page until the session expires (I set session timeout to 2 min in the web server options for checking purposes) and then click on login button on this page I go back to the index page but I'm not logged even though uid and pwd are correct. Apparently, login validation code is not executed when Login button is clicked after the session has expired.

How to beat this behavior? My employers are not happy with it at all. Login button which doesn't log the user even though they entered correct uid and pwd. Very confusing for the user and not looking professional.

Any advice is appreciated.

Thanks,
Alex

[terryd]

I'm not sure if I see this as a bug but anyway why don't you extend your session logout time. If someone goes to the login screen and then does nothing for 15 minutes I don't see it in my applications as a problem for them to have to reenter the login information

[alex.kolaric]

Hi Terry,

re-entering of the login info is not a problem. The problem is in my opinion that even if you enter it properly and click on login button you don't get logged in. Expected behavior, at least from the user point of view, would be - I'm entering user ID and pass, I'm clicking login button, I'm logged. This behavior must be consistent, otherwise it is confusing, again from the user point of view - I typed everything ok, why I'm not logged? Why do I need to log twice to actually get logged? etc

Main reason why I'm asking this is the following. As in example app BasicWithLogin, I want to show login page as soon as the session expires so that the user is aware that the login is requested again without clicking anything else. However, this is not possible because of the described behavior.

I qualify this as a bug, because login page validation code is not processed in such case.

Thank you for your comment on the topic.

Best regards,
Alex

[kevin plummer]

Hi Alex,

when the session expires the login and pw entered do not exist on the server any more. Yes a bit confusing for the user as they are on shown on the screen. A couple of things you could try: Add a timer and redirect the page before the session expires or add some simple validation to your login screen to check for blank username. If it is, throw an alert message about "login window open too long and needs to be re-entered for security reasons etc". I've had that one before with internet banking.

[Bruce]

when a form is generated, some settings required by the orm later on are stored in the session queue.

If the session expires, the Save (or in this case Login) button no longer works.

However I can see that the Login screen is something of a special case, so I'll see if it's an issue that can be worked-around.

cheers
Bruce

[terryd]

Hi Alex
I see your point.
Hasn't affected me yet but I suppose it's better than having a user phoning up and saying that they can't login

[alex.kolaric]

Thanks Bruce and all included in this conversation,

I think that it could be useful for all NT users to solve this issue. Let's hope that Bruce can come up with some solution without much of a grief.

Regards,
Alex