Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Can access "Create Project" even with an expired session #1841

Open
NilakshiS opened this issue Sep 11, 2024 · 0 comments
Open

Bug: Can access "Create Project" even with an expired session #1841

NilakshiS opened this issue Sep 11, 2024 · 0 comments
Labels
bug Release Note: Shows as Error Correction level: medium p-feature: Project Page p1 Users Define Project including AIN, Adress, Ect. /calculation/1 priority: MUST HAVE role: front-end Front End Developer size: 2pt Can be done in 7-12 hours
Milestone
10 - Launch

Comments

@NilakshiS
Copy link
Member

Describe the bug

I can access the "Create Project" page even with an expired session which should not be possible. I can put all the details for the project but when I try to save the project on any page by clicking the "Save Project" button, I get logged out, redirected to the Login page (the "Leave page and delete unsaved data" warning is displayed first), and get the expired session notification.

Because the bug allows user to use the calculator when the session has expired, the entered data is lost when user finally tries to save.

Currently affects the tdmdev login - Admin ([email protected]) account, unsure if more users are affected.

Steps to reproduce the issue

  1. Login to the dev site.

  2. Go to "Create Project" page.

  3. Wait for the session to expire or "Expire" the session using dev tools.

    Instructions for using Chrome Dev tools to expire the session
    • Open Developer tools in the browser.
    • Go to the "Application" tab in dev tools.
    • From the menu on left, under "Storage" select "Cookies".
    • Click on the item "https://tdm-dev.azurewebsites.net/" if not already selected.
    • In the list of cookies that opens on the right, find the item with the name "jwt".
    • Double click on the value in "Expires/ Max Age" column for the "jwt" item.
    • Change the date to a day before, for example, if it's 2024-09-12T07:44:24.722Z, change it to 2024-09-11T07:44:24.722Z.
    • Click outside the panel to change the value, the "jwt" item will disappear from the list.
    • Close the dev tools.

  4. Navigate to "About" page then go back to the "Create Project" page.

What's the expected result?

After the last step, clicking on the "Create Project" button should cause the user to be logged out and:

  • Either be redirected to the login page with an expired session notification displayed
  • Or stay on the same page with the "expired session" notification and "projects cannot be saved without logging in" notification displayed

What's the actual result?

The user can still enter all the details and is never notified that the project will not be saved at the end. Only when the user clicks the "Save Project" button, they are logged out and expired session notification is displayed.

Additional details / screenshot

An image of the page 5, notice that the user is still shown as logged in and the summary page is displayed

image

An image of warnings diplayed when "Save Project" is clicked.

image

Device configuration

  • Device: desktop computer
  • OS version: Windows 11 OS
  • Browser: Chrome
  • Browser version: 128.0.6613.121
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Release Note: Shows as Error Correction level: medium p-feature: Project Page p1 Users Define Project including AIN, Adress, Ect. /calculation/1 priority: MUST HAVE role: front-end Front End Developer size: 2pt Can be done in 7-12 hours
Projects
P: TDM: project board
Status: Prioritized Backlog
Milestone
10 - Launch
Development

No branches or pull requests
2 participants
@NilakshiS @maulieshah