Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make it more difficult to accidentally clear the session data #588

Merged
merged 4 commits into from
Sep 6, 2018
Merged

Make it more difficult to accidentally clear the session data #588

merged 4 commits into from
Sep 6, 2018

Conversation

charge-valtech
Copy link

Referenced by this issue: #587

A user (low digital skills) was testing our prototype on their iPad and half way through, they managed to rest their palm on the "Clear data" link. Causing quite a bit of disruption to the test.

This change introduces another page which the user comes to, allowing them to go back, or continue to clear the session data.

@charge-valtech charge-valtech mentioned this pull request Aug 20, 2018
Closed
NickColley
NickColley approved these changes Aug 20, 2018
View reviewed changes
app/views/clears-data.html Outdated
<div class="govuk-grid-column-two-thirds">
{{ govukBackLink({
"text": "Back",
"href": "javascript: window.history.go(-1)"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking comment:

I believe we can populate this href using the referrer in the server, this is more effort and could be done as a followup.

NickColley
NickColley reviewed Aug 20, 2018
View reviewed changes
app/views/clears-data.html Outdated

{{ govukButton({
text: "Clear data",
href: "/prototype-admin/clear-data"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking:

I'd expect this kind of interaction to be a <form> that POSTs to an endpoint, rather than a link to a new page.

@kr8n3r
Copy link

kr8n3r commented Aug 20, 2018

@charge-valtech could you add an entry to CHANGELOG under the "Unreleased" heading ?

NickColley
NickColley suggested changes Aug 20, 2018
View reviewed changes
Copy link
Contributor

@NickColley NickColley left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Spoke to Joe

The files that are in app/view are for users to prototype with, so since these files are not important for people to see, we could consider moving them.

Could we put the clear data page in lib/prototype-admin instead?

@charge-valtech
Copy link
Author

Good point @NickColley - I wasn't sure where to put it but that makes much more sense.

@36degrees
Copy link
Contributor

@charge-valtech would you be able to rebase to fix that CHANGELOG conflict?

@36degrees
Copy link
Contributor

@charge-valtech I hope you don't mind, I've rebased this against master and cleaned up an errant merge from master (that 'Update branch' button in the GitHub interface seems to do more harm than good most of the time)

I'm happy this can be merged now – @NickColley would you mind giving it a second pass?

@NickColley
Copy link
Contributor

@charge-valtech thanks for your patience with us! This is a great addition.

@36degrees 36degrees merged commit 0542338 into alphagov:master Sep 6, 2018
@charge-valtech
Copy link
Author

Nice one, thanks @36degrees, @igloosi and @NickColley 👍

@kr8n3r kr8n3r mentioned this pull request Sep 10, 2018
Merged
36degrees added a commit that referenced this pull request Oct 8, 2018
@36degrees
Use form POST request when clearing session data
ae83a74 
This builds on the work done in #588.

Previously the ‘clear data’ feature used two GET requests – one to display the confirmation screen, and a second to actually clear the session data. This is not ideal because GET requests are meant to be nullipotent (to have no side effects), and links from the docs part of the kit were still pointing to the old URL, which bypassed the confirmation screen.

This adds a form to the confirmation screen which POSTs to itself (/prototype-admin/clear-data), and changes the old data-clearing route to match.
@36degrees 36degrees mentioned this pull request Oct 8, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NickColley NickColley NickColley approved these changes

@36degrees 36degrees 36degrees approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@charge-valtech @kr8n3r @36degrees @NickColley @neves-io