Session Expired modal blocking me


#1

I started getting “Session Expired. Please click OK to reload the page and continue using myBalsamiq” all the time. This is bugging me all the time, it appears on top of all my tabs with wireframes, which I keep opened.

It used to not appear previously, so I could view all my wireframes in a glance. Now I get back to work in the morning or after lunch and all tabs are blocked by this modals. This is so unpleasant, what’s the reason for this to appear? Why it used to be good and changed for bad?


#2

Hey @yaroslavpat, I’m sorry about the frustration that modal is causing you. It’s the result of a new token we recently implemented to increase myBalsamiq’s security. The screen appears when your browser tab loses connection with myB for a long period of time and cannot refresh the token automatically.

Is your computer is going to sleep when you go to lunch (and when you leave for the night)? If it is possible, you can adjust the sleep timer on your computer to mitigate the problem. As long as your browser can talk to myBalsamiq, you shouldn’t ever see that modal.

I’m sorry for the irritation this is causing you, but it is something that is making myBalsamiq a lot more secure!


#3

This is also driving me crazy. My design time is frequently interrupted by other tasks, and I’d become very accustomed to leaving mybalsamiq open in a tab until I can come back later. Now I’m forced to refresh and (hopefully) recover whatever unsaved changes there are. And when I refresh, I’m not required to enter my password, so I’m having a hard time understanding how this really improves security. Is there no way the token can be refreshed seamlessly?


#4

Hi @Alex_Parsons

Can you please tell us a bit more about the way you work.
When you get interrupted does your computer enter the sleep mode?
Does your computer stay active and you just switch to another browser tab and the token expires? If that is the case which browser do you use?

We use anti Cross Site Request Forgery (CSRF) tokens. The token gets renewed regularly.
When hasn’t been performed for a while you will not get a new one. The token expire after a while. If you no longer have a valid token then you will not get a new token until you reload the page.

You don’t need to log back in because of another token that has a longer expiration than the CSRF token. Unfortunately, that longer lasting token cannot be used to refresh the CSRF token on the fly. The only way to get a fresh CSRF token is to reload the page right now.

We are looking into improving the situation.