Cessquill, posted February 23, 2018

A lot of questions on here (one of which has been mine, and has tripped me up a couple of times) are the "wrong csrf_token" in the logs due to browsers being left open over a reboot. I have a habit of leaving quite a few browsers open here and there and swamping my log.

Would a UI update be possible that stores a boot ID/timestamp in the client and periodically polls the server to see if they still match? (I don't know what data is available to the client, but presumably there's something that could identify the current boot without compromising security.)

Then, if the server has been rebooted, the browser will know by the next AJAX call, stop further calls and either...

- reload (not sure it's wise)
- redirect to a message page
- overlay a modal message

BRiT, posted February 23, 2018

Perhaps at that point, the UI should detect that the session does not exist (since it does not match) and direct the user to a Re-Authentication/Login page?
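
A sketch of the client-side check proposed in this thread, added here as an example; it is not the project's code or either poster's. `createBootWatcher`, `fetchBootId`, `onStale` and the boot ID values are hypothetical names, and the boot ID is assumed to be a random per-boot value unrelated to the csrf_token.

```javascript
// Added example. Assumption: the server exposes a per-boot identifier through
// a read-only request (supplied by the caller as fetchBootId) that needs no
// csrf_token, so polling it never adds "wrong csrf_token" log entries.
function createBootWatcher({ fetchBootId, onStale, intervalMs = 30000 }) {
  let knownBootId = null; // boot ID recorded when this page first asked
  let stale = false;      // true once a different boot ID has been seen
  let timer = null;

  function stop() {
    if (timer !== null) { clearInterval(timer); timer = null; }
  }

  // Compare a boot ID reported by the server with the one seen at page load.
  function observe(bootId) {
    if (stale) return 'stale';
    if (knownBootId === null) { knownBootId = bootId; return 'first'; }
    if (bootId === knownBootId) return 'same';
    stale = true;
    stop();     // no further polling from this tab
    onStale();  // e.g. overlay a modal or redirect to the login page
    return 'stale';
  }

  async function poll() {
    try {
      observe(await fetchBootId());
    } catch (err) {
      // Server unreachable (possibly mid-reboot): keep state, retry next tick.
    }
  }

  // Wrap every request that carries the page's csrf_token. After a reboot is
  // detected the request is never sent, so the server logs nothing.
  function guarded(request) {
    if (stale) throw new Error('server rebooted since page load; request blocked');
    return request();
  }

  return {
    observe, poll, guarded, stop,
    isStale: () => stale,
    start() {
      if (timer === null && !stale) { poll(); timer = setInterval(poll, intervalMs); }
    },
  };
}
```

In a page, `fetchBootId` would wrap the real read-only request and `onStale` would show the modal or send the user to re-authenticate, as suggested in the two posts.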