[wp-trac] [WordPress Trac] #31897: Update Customizer nonces via Heartbeat API
WordPress Trac
noreply at wordpress.org
Wed Feb 24 23:45:33 UTC 2016
#31897: Update Customizer nonces via Heartbeat API
------------------------------------------+-----------------------------
Reporter: westonruter | Owner: voldemortensen
Type: enhancement | Status: assigned
Priority: low | Milestone: Future Release
Component: Customize | Version: 3.4
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses: javascript
------------------------------------------+-----------------------------
Comment (by adamsilverstein):
Replying to [comment:24 westonruter]:
> I just realized that all nonces now get updated when the preview
refreshes as of #35617,
Yea, I realized that working on the patch, I thought this was specifically
to address ''the customizer being left open for a long period'' (with no
refresh) and the nonce expiring.
I still think this is useful. A nonce could expire in as little as 12
hours - and leaving the customizer open overnight could easily expire the
nonce; this patch would issue a new nonce lasting 24 hours in this case,
and keep extending it every 12 hours as long as the heartbeat was running.
Doesn't the user get a warning to log in again before their session
expires in the customizer?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31897#comment:25>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list