
Check OIDC user session state in frontend
Closed, Migrated

Description

Once a web application user is logged in using OpenID Connect, the state of his session must be regularly checked (see OpenID Connect Session Management).

When a session has expired, a silent renewal can be performed or a simple redirect to the logout page instead.

We could use the oidc-client.js library to ease the implementation.

Event Timeline

anlambert triaged this task as Normal priority. Jan 23 2020, 4:09 PM
anlambert created this task.

After experimenting with both session renewal approaches, the backend one seems a better choice here as it is quite easy to implement using a custom Django middleware.

So checking user session state on the frontend is not a real necessity, closing this as Wontfix.
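
An added sketch of the backend approach mentioned in the closing comment, not code from this task or from the Software Heritage code base: a Django-style middleware that checks token expiry on each request, renews silently with the refresh token, and otherwise redirects to logout. The session keys, the logout path and the injected `refresh_tokens` and `redirect` callables are assumptions made for the example.

```python
import time

LOGOUT_URL = "/oidc/logout/"  # hypothetical logout route
RENEW_MARGIN = 30  # renew this many seconds before the access token expires


class OIDCSessionMiddleware:
    """Django-style middleware: built with get_response, called per request."""

    def __init__(self, get_response, refresh_tokens, redirect, now=time.time):
        self.get_response = get_response
        # refresh_tokens(refresh_token) -> token response dict; raises on error.
        # In a real project it would POST grant_type=refresh_token to the
        # provider's token endpoint; it is injected here (assumption).
        self.refresh_tokens = refresh_tokens
        self.redirect = redirect  # e.g. django.shortcuts.redirect
        self.now = now

    def __call__(self, request):
        session = request.session
        expires_at = session.get("oidc_expires_at")  # hypothetical session key
        # Not an OIDC session, or already heading to logout (avoids a loop).
        if expires_at is None or request.path == LOGOUT_URL:
            return self.get_response(request)
        if self.now() < expires_at - RENEW_MARGIN:
            return self.get_response(request)  # token still valid
        if self._renew(session):
            return self.get_response(request)
        # Fail closed: drop token material and send the user to logout.
        for key in [k for k in session.keys() if k.startswith("oidc_")]:
            del session[key]
        return self.redirect(LOGOUT_URL)

    def _renew(self, session):
        refresh_token = session.get("oidc_refresh_token")
        if not refresh_token:
            return False
        try:
            tokens = self.refresh_tokens(refresh_token)
            access, ttl = tokens["access_token"], int(tokens["expires_in"])
        except Exception:  # provider, network or malformed-response error
            return False
        session["oidc_access_token"] = access
        # Providers may rotate the refresh token; keep the old one otherwise.
        session["oidc_refresh_token"] = tokens.get("refresh_token", refresh_token)
        session["oidc_expires_at"] = self.now() + ttl
        return True
```

Django instantiates middleware with `get_response` only, so a small subclass or factory would supply the other two arguments when listing it in `MIDDLEWARE`.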