[wp-trac] [WordPress Trac] #31897: Update Customizer nonces via Heartbeat API

WordPress Trac noreply at wordpress.org
Thu Feb 25 01:16:47 UTC 2016


#31897: Update Customizer nonces via Heartbeat API
------------------------------------------+-----------------------------
 Reporter:  westonruter                   |       Owner:  voldemortensen
     Type:  enhancement                   |      Status:  assigned
 Priority:  low                           |   Milestone:  Future Release
Component:  Customize                     |     Version:  3.4
 Severity:  normal                        |  Resolution:
 Keywords:  needs-patch needs-unit-tests  |     Focuses:  javascript
------------------------------------------+-----------------------------

Comment (by westonruter):

 Replying to [comment:25 adamsilverstein]:
 > Doesn't the user get a warning to log in again before their session
 expires in the customizer?

 Once their session expires, the user gets prompted to re-login. But the
 nonces generally have a shorter lifespan than the user sessions, so this
 would ensure the nonces remain valid for the entire session, unless… if
 they sleep their computer with the Customizer open for a day, and then
 wake their computer: the nonces will have expired, including the nonce for
 Heartbeat itself. So in this case, it seems the only solution would be for
 the user to reload the Customizer, or I suppose a prompt to re-login would
 have the same effect.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/31897#comment:27>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list