[wp-trac] [WordPress Trac] #23295: Improved login expiration warning

WordPress Trac noreply at wordpress.org
Sun Feb 3 00:28:21 UTC 2013 

#23295: Improved login expiration warning
----------------------------+------------------
 Reporter:  mintindeed      |       Owner:
     Type:  task (blessed)  |      Status:  new
 Priority:  normal          |   Milestone:  3.6
Component:  Autosave        |     Version:
 Severity:  normal          |  Resolution:
 Keywords:  autosave-redo   |
----------------------------+------------------

Comment (by mintindeed):

 It was simpler just to load it everywhere in the admin, so I did that.  It
 would be pretty easy to further extend it to show it on non-admin pages if
 the user is logged in.

 I wrapped it in an object so that it's as self-contained as possible, and
 to make it easy to override & extend as needed.  I'm including the class
 via wp-settings.php, then adding a "loader" helper function in
 functions.php, and adding an action to default-filters.php to actually
 load it.  The action runs in "init" so that plugins, themes, etc can
 unhook it if desired.  (Not "admin_init"; the WP_Auth_Check class is
 responsible for determining that it only wants to run in the admin, this
 also allows plugins to change when/how it's loaded by overriding
 WP_Auth_Check::_init().)

 > Block publish/save until login has been verified. Polling duration can
 be decreased (or maybe even done away with entirely) if we block the
 Publish/Save/etc actions until we've verified the user's cookie.

 The JS will disable the save/publish/move to trash buttons (the plugin had
 this behaviour).  That's probably fancy enough for now?


 >> Pre-emptive notification. When approaching the user's login cookie
 expiration time, say 1 hour before, display a message and allow the user
 to extend their login. For example, how banking sites notify you when
 you've been inactive too long and they're about to log you out.
 > We can use the new Heartbeat API from JS to request time left to cookies
 expiration, or on the PHP side, send notification to the browser one hour
 before.

 The plugin polled every 15 seconds, which is the same duration as the
 heartbeat, so I'm hooking into the heartbeat API to run the login check.
 It would be pretty simple to add a message this way; I'll take a stab at
 that after I make any necessary revisions to the attached patch.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/23295#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list