[suggestion] Prompt admin to revalidate session as it nears TTL

[rhoerr]

Continue session

With PCI 4 requiring a session lifetime of 15 minutes or less, it would be very useful to (1) warn admins when they're getting near it on an open tab, and (2) allow them to renew it and continue their session.

Something like

This would be useful for cases where the admin might reasonably take longer than 15 minutes to perform an action -- like editing a product or content page, or working on an admin order in the background.

If this is done, it should share and track the session expiry state in browser session storage (or similar) so it can work across tabs. Loading a new tab should update the timer on existing tabs. Clicking 'continue' in one tab should update the timer on others.

Reauthenticate

A possible further enhancement would be to show a login overlay on top of the page once the 15 minutes passes, to allow the admin to re-log in and then continue in the page where they left off. This would require somehow refreshing all the URL hashes in the page based on the new admin session ID/key.

[rhoerr]

Hi @aligent-lturner! Wondering if you have any thoughts or plans here.

[aligent-lturner]

@rhoerr I definitely like the idea. Very open to community PRs if you have anything already - otherwise, I can create a ticket with our team internally and get someone to look at it when they free up.

[rhoerr]

@aligent-lturner Thanks! I don't have anything written for the feature. We do use this module across a lot of clients though.

FYI I'm interested in possibly bundling this module with Mage-OS for PCI 4 compliance. We have a feature release coming in two weeks but I'm not certain if the timing will work out. Not my decision alone. (No relation to this issue--this isn't a blocker.)

[rhoerr]

Thank you for working on this! Great to see.

FYI we did end up bundling this module with this week's Mage-OS 2.0 release. Appreciate all your efforts on it.

[aligent-lturner]

@rhoerr version 1.3.0 should now have this functionality. A modal popup should appear one minute before session expiry, with a button to extend the session.