February 23, 2018

A lot of questions on here (one of which has been mine, and has tripped me up a couple of times) are the "wrong csrf_token" in the logs due to browsers being left open over a reboot. I have a habit of leaving quite a few browsers open here and there and swamping my log.

Would a UI update be possible that stores a boot ID/timestamp in the client and periodically polls the server to see if they still match? (I don't know what data is available to the client, but presumably there's something that could identify the current boot without compromising security.)

Then, if the server has been rebooted, the browser will know by the next ajax call, stop further calls and either...

- reload (not sure it's wise)
- redirect to a message page
- overlay a modal message
February 23, 2018

Perhaps at that point, the UI should detect that the session does not exist (since it does not match) and direct the user to a Re-Authentication/Login page?
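
One way the boot-ID check proposed in this thread could work on the client, as an added example that is not part of the original posts or the product's own code. The names `BootGuard`, `startPolling`, the `/boot-id` endpoint and its `bootId` field are assumptions; the value is assumed to be an opaque per-boot identifier, not the csrf_token itself.

```javascript
// Added example: hypothetical names throughout (BootGuard, /boot-id, bootId).
class BootGuard {
  constructor(onStale) {
    this.bootId = null;   // boot ID pinned when the page first loaded
    this.stale = false;   // latched once a different boot ID is seen
    this.onStale = onStale;
  }

  // Feed in the boot ID from each poll response; returns the resulting state.
  observe(serverBootId) {
    if (this.stale) return 'stale';
    // A failed or malformed poll is not proof of a reboot: keep the pinned value.
    if (typeof serverBootId !== 'string' || serverBootId === '') return 'ignored';
    if (this.bootId === null) {
      this.bootId = serverBootId;
      return 'pinned';
    }
    if (serverBootId === this.bootId) return 'ok';
    this.stale = true;
    this.onStale();       // fires exactly once: modal, message page, or login redirect
    return 'stale';
  }

  // Gate every background request so a stale tab stops sending its old csrf_token.
  send(requestFn) {
    if (this.stale) return false;
    requestFn();
    return true;
  }
}

// Polling loop for the browser. Assumes the server returns {"bootId": "..."}
// from a hypothetical unauthenticated GET endpoint, with an opaque per-boot value.
function startPolling(guard, url = '/boot-id', intervalMs = 30000) {
  const timer = setInterval(async () => {
    let id = null;
    try {
      const res = await fetch(url, { cache: 'no-store' });
      if (res.ok) id = (await res.json()).bootId;
    } catch (_) { /* server still down or rebooting: try again next tick */ }
    if (guard.observe(id) === 'stale') clearInterval(timer);
  }, intervalMs);
  return timer;
}
```

Routing every background request through `send()` is what keeps a forgotten tab from filling the log after a reboot; the `onStale` callback is where the modal, message page or login redirect discussed above would go.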
Archived
This topic is now archived and is closed to further replies.