Ideally it would work such that if timeout time expires, tokens deleted on browser and the screen display is just an unlock modal I have not reviewed what the Session Lock code does but functionally it looks like it logs you off so the session is never "locked", its just a blanket log out with a screen implying that you are locked
I've attached an image of what I am trying to describe - basically an overlay so that your modals/pages remain in place since a full page route removes any pending work you were potentially in the middle of
1 Answer(s)
-
1
Hi @smry
For security purposes, session lock feature is implemented this way. But, redirecting user to the last visited page before login is a good idea. Could you create an issue on https://github.com/aspnetzero/aspnet-zero-core so we can implement it ?
Thanks,
