[MGNLUI-421] No visible user name, no way to log out Created: 21/Aug/12  Updated: 19/Jun/13  Resolved: 19/Jun/13

Status: Closed
Project: Magnolia UI
Component/s: None
Affects Version/s: None
Fix Version/s: 5.0

Type: Bug Priority: Major
Reporter: Andreas Weder Assignee: Espen Jervidalo
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   
  • The name and main role of the currently logged-in user is not indicated.
  • There's no possibility to log out. The action to log out is located in a pop-up menu available when you click on the user name.

Note that that there are no visuals and no style guide definitions defining this pop-up currently, but a similar item is being worked on. For now, implement a pop-up working and looking similar to the one available in the prototype.



 Comments   
Comment by Andreas Weder [ 11/Sep/12 ]

Still missing, but I'm moving this to the 5.0 backlog.

Comment by Tobias Mattsson [ 29/Nov/12 ]

Should logging out mean that you log out in all your tabs? Cause we have different AdminCentral instances for the same user in multiple tabs using the same login/http-session.

Comment by Andreas Weder [ 03/Dec/12 ]

I assume you're asking whether we should explicitly or actively log out a user in every open browser tab, which is using the same http session as the one she's just logged out from.

I could live without this. I think the minimum behavior should be that I get the log-in screen as soon as it is detected that my session has expired. As an example, let's assume I've logged out, but in a different browser tab, which still shows the page tree of Pages, I execute the "New folder" action. I'd expect that it is then detected that my session is no longer valid and I'm being shown the login screen and am asked to log-in again. If I've done that successfully, Pages opens again (same location in the address bar) and I then would have to re-launch my action. As I said, I think this is the minimum behavior which we should support.

Whether we should actively log a user out in every open browser tab or window seems could be a security sensitive question. Is it critical, if a tab of a no longer valid session still exposes/shows some data? If this is a security risk, then we should implement an active logout on top of the minimum behavior.

I could ask for feedback from users e.g. on the users list or launch a poll to answer this question.

Generated at Mon Feb 12 08:36:43 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.