Unlike Content Translation (T192066), Section Translation does not surface that the session has expired for the user. As a result a user can start translating an article and when publishing, the contents get added associated to the user IP instead without any notice.
This can be tested on the test server by starting a translaiton as logged in user and log-out from a separate window before publishing. The behaviour on production wikis has not been verified.
Even when publishing is allowed for anonymous, we don't want his to happen by surprise, and we should inform of the session expiry.
This ticket proposes to show a dialog like the one used in Content Translation:
We may want to adjust the messaging for it to make more sense even for those cases where logged-out editing is allowed:
Your session has expired
Your edits cannot be saved and attributed to your account unless you log in again in another window.
[Log-in]
Implementation details
- We want to assert the user, every time the user returns to the application from another window, or tab, i.e. when visibilitychange event is triggered and visibilityState is set to "visible".
- We want to assert the user before each router navigation. Since logging out in another window can still go unnoticed if we only implement the previous (1.) item, we want to assert the user before each router navigation, so that we make sure to not let them proceed to next steps in such cases.
- We want to assert the user on critical API requests, i.e. auto-saving and publishing requests. We may assert the user in other API calls too, but we'll only display the login dialog for auto-saving and publishing requests, failing with "assertuserfailed" error.
For case (3.) we do not need to send an additional request for the user assertion, we can accomplish that by just adding a parameter to the existing saving and publishing requests. Nevertheless, we need to send extra requests for both (1.) and (2.) cases. To avoid redundant "assert user" requests being sent simultaneously, we should debounce these requests for at least 3 seconds.