Menu
▾
▴
#1654 After login session expires, restore navigation pane
After the login session expires due to exceeding LoginCookieValidity, we can log back in and the main pane returns to what page we were left on. However, the navigation pane stays collapsed. I would like if the navigation pane could also restore to the expanded state it was in.
I think this already works in master. I tried leaving at server, db and table levels before session expiry and upon login back in navigation panel is restored to the state it was left.
This is interesting; with the same browser, I connect to my up-to-date local instance and when my session expires, the page does not change automatically. When I try to click somewhere, I'm taken to the login page and when I log back in, I'm taken to the correct location for the main page but the navigation pane is completely collapsed. On the demo server, though, I get an immediate notice when my session has expired and when I log back in, the navigation pane is also restored as I expect.
I wonder if this is related to my Debian installation running the session purging/garbage collection script before my LoginCookieValidity is reached. I'll have to investigate a bit.
I will try to do further tests tomorrow.
Please reopen if you find anything that needs to be fixed from phpMyAdmin side.
So far what I've found is that the problem appears to exist when my LoginCookieValidity is set high and as a result the message "Your PHP parameter session.gc_maxlifetime is lower than cookie validity configured in phpMyAdmin, because of this, your login might expire sooner than configured in phpMyAdmin." is displayed.
Without actually looking at the code involved, I believe what's happening is that the state information is stored in the PHP session; when LoginCookieValidity is reached before the PHP session expires, the redirection works as expected. If the PHP session expires first, as in the case when I have LoginCookieValidity set to 24 hours, then phpMyAdmin has nowhere to store the state information (or is expecting it to be stored in the session but PHP removes it), and of course then the state information is lost.
What I'm not sure about is what happens when they both expire, for instance if LoginCookieValidity is set to 60 seconds and the PHP session expires in 120 seconds, and I'm away from the computer for 10 minutes. I believe what happens is that, on LoginCookieValidity expiration, phpMyAdmin is logged out, the user is directed to the login page, and the state information is then stored in the URL.
If this is all true, then it's completely reasonable that phpMyAdmin can't store the state information if PHP removes the session but the user has set a higher LoginCookieValidity than PHP's session limit; and I'm okay with keeping this closed. The user should set a lower LoginCookieValidity than their PHP gc_maxlifetime, and I might add a line to the documentation to warn of general odd behavior in this case.