[wp-trac] [WordPress Trac] #23295: Improved login expiration warning

WordPress Trac noreply at wordpress.org
Sun Mar 17 00:05:16 UTC 2013

#23295: Improved login expiration warning
 Reporter:  mintindeed                           |       Owner:
     Type:  task (blessed)                       |      Status:  new
 Priority:  normal                               |   Milestone:  3.6
Component:  Autosave                             |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  autosave-redo has-patch ui-feedback  |

Comment (by azaozz):

 Been thinking how to organize this code better. This dialog is shown very
 rarely, it's not warranted loading the html, css and js on all screens all
 the time. Currently most of it is sent through heartbeat and injected into
 the DOM. This is acceptable for testing but not a good idea for

 Another big concern is that there may be "frame busting" JS on the Log In
 screen added by a plugin as defence against click-jacking. These JS
 snippets were quite popular couple of years ago, still see them around
 although they are not very effective. If that happens, the Log In screen
 will open instead of the iframe and the user will loose any unsaved
 changes (and our "You will not move away from this screen" looks really

 To work around that we can use an XHR instead of having an iframe (XHRs
 can be used to set cookies). Another technique is to create an iframe then
 submit a <form> with `target="iframe-name"`. In this case the main page is
 not reloaded and cookies are set as usual. The only problem with these
 approaches is that if there is branding on the Log In screen, it will have
 to be applied to the "local" log in form, i.e. some themes and/or plugins
 would need to be updated.

Ticket URL: <http://core.trac.wordpress.org/ticket/23295#comment:37>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list