Overview

After the session times out, the XB page is stuck on the error message. Only after a redirect does the login page appear. Ideally, clicking "Try Again" should take the user directly to the login page.

Steps to reproduce:

  1. log in
  2. use XB, e.g. go to /xb/node/1/editor
  3. use the browser console to rename the session cookie, for example, add a prefix
  4. a few seconds later, you'll see the above

Below are the network errors:

{
    "status": 403,
    "data": {
        "errors": [
            "This route can only be accessed by authenticated users."
        ]
    }
}
[
    "The 'edit xb_page' permission is required."
]

Proposed resolution

User interface changes


Comments

mayur-sose created an issue. See original summary.

wim leers’s picture

Title: After source session timeout, XB page stuck on the error message » After session times out, the XB UI is stuck
Component: … to be triaged » Page builder
Priority: Normal » Minor
Issue summary: View changes
Issue tags: +Usability, +JavaScript
Attachment (status: new, size: 64.9 KB)

Thanks, interesting edge case! 😄

mayur-sose’s picture

Issue summary: View changes

bnjmnm made their first commit to this issue’s fork.

bnjmnm’s picture

Assigned: Unassigned » bnjmnm

bnjmnm’s picture

Version: 0.x-dev » 1.x-dev

bnjmnm changed the visibility of the branch 3532618-after-session-times to hidden.

larowlan’s picture

Neat approach. Can we get a kernel test added for the authentication checker?

bnjmnm’s picture

> Neat approach. Can we get a kernel test added for the authentication checker?

Yep! There's a bunch of other tests that need updating too - I just didn't want to do all that refactoring until I got a +1 but now that I have one I'll hop on that.

bnjmnm’s picture

Assigned: bnjmnm » Unassigned
Status: Active » Needs review

wim leers’s picture

Assigned: Unassigned » bnjmnm
Status: Needs review » Needs work

Looking good! Missing some cacheability bits — provided pointers to prior art.

Two tests are failing:

  1. one thanks to the new testAuthenticationRequiredPermission() (👍) — it identified one route definition that still needs to be updated
  2. one which I suspect is due to a bug in the new access check: https://git.drupalcode.org/project/experience_builder/-/merge_requests/1...

wim leers’s picture

Issue tags: +Needs screenshots

Would also be nice to get a GIF of this new UI functionality in action 😇

bnjmnm’s picture

Assigned: bnjmnm » Unassigned
Status: Needs work » Needs review

Failing test is just a flaky Playwright

wim leers’s picture

Assigned: Unassigned » bnjmnm
Status: Needs review » Needs work

Reopened a thread, because I don't understand the answer: https://git.drupalcode.org/project/experience_builder/-/merge_requests/1...

A mild concern about relying on https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Authentication#... at https://git.drupalcode.org/project/experience_builder/-/merge_requests/1... — but I'm okay with merging as-is.

Just need to get clarity on that one thing 😇

wim leers’s picture

Assigned: bnjmnm » wim leers

Ahhhhh!

  public function testAssetLibrary(): void {
    // Delete the library created during install.
    $library = AssetLibrary::load(AssetLibrary::GLOBAL_ID);
    \assert($library instanceof AssetLibrary);
    $library->delete();

That is why! Reverting my revert, and merging 👍

wim leers’s picture

Assigned: wim leers » Unassigned
Status: Needs work » Reviewed & tested by the community

wim leers’s picture

Issue summary: View changes
Issue tags: -Needs screenshots
Attachment (status: new, size: 48.62 KB)

Manually tested, works well 👍

  • wim leers committed 2a9ff9e2 on 1.x authored by bnjmnm
    Issue #3532618 by bnjmnm, wim leers, mayur-sose: After session times out...

wim leers’s picture

Status: Reviewed & tested by the community » Fixed

🎉

mayur-sose’s picture

After renaming the cookie and reloading the page, I am getting the following session timeout error:

{
    "errors": [
        "You must be logged in to access this resource."
    ]
}

Error 401: You must be logged in to access this resource.

And after clicking on the "Go to login" button, the page is correctly redirected to the login page. This behaviour is working as expected. Now, the page is not getting stuck on the error page.
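
The behaviour confirmed in the comment above, sketched as client-side handling (an added example, not part of the issue or of Experience Builder's code): a 401 for an expired session maps to a login link, while the 403 seen before the fix gives the client no hint that logging in would help. The `/user/login` path, the `destination` parameter and all function names are assumptions.

```javascript
// Added example, not Experience Builder code. LOGIN_PATH, the `destination`
// parameter and every function name here are assumptions for illustration.
const LOGIN_PATH = '/user/login';

// Accept only same-site relative paths as the post-login destination, so the
// "Go to login" link cannot be turned into an open redirect.
function safeDestination(path) {
  if (typeof path !== 'string') return '/';
  // Reject absolute URLs, protocol-relative URLs and backslash variants.
  if (!path.startsWith('/') || path.startsWith('//') || path.includes('\\')) {
    return '/';
  }
  return path;
}

// Map an API error (HTTP status + parsed JSON body) to what the UI should do.
function classifyApiError(status, body, currentPath) {
  const errors = (body && (body.errors || (body.data && body.data.errors))) || [];
  const message = errors[0] || 'Request failed.';
  if (status === 401) {
    // No valid session: retrying cannot succeed, so offer the login page.
    const dest = encodeURIComponent(safeDestination(currentPath));
    return { kind: 'session-expired', action: 'login',
             href: `${LOGIN_PATH}?destination=${dest}`, message };
  }
  if (status === 403) {
    // Authenticated but not permitted: logging in again will not help.
    return { kind: 'forbidden', action: 'none', href: null, message };
  }
  return { kind: 'error', action: 'retry', href: null, message };
}

// Constructed samples modelled on the two responses quoted in this issue.
const expiredBeforeFix = { status: 403, data: { errors: ['This route can only be accessed by authenticated users.'] } };
const expiredAfterFix = { status: 401, errors: ['You must be logged in to access this resource.'] };

console.log(classifyApiError(expiredBeforeFix.status, expiredBeforeFix, '/xb/node/1/editor'));
console.log(classifyApiError(expiredAfterFix.status, expiredAfterFix, '/xb/node/1/editor'));
```
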

lauriii’s picture

Status: Fixed » Needs work
Attachment (status: new, size: 91.16 KB)

We need to adjust the errors that are displayed to the user in this situation. This isn't really an unexpected error. This is just the user's session timing out?

wim leers’s picture

Yeah, I was thinking that too — but this is such a massive improvement compared to where we were before that I didn't want to push back over this. 😅

lauriii’s picture

+1 for landing the fix as it is but it would be great to plan for doing #24 too.

wim leers’s picture

Title: After session times out, the XB UI is stuck » [Needs design] After session times out, the XB UI is stuck
Status: Needs work » Postponed (maintainer needs more info)
Issue tags: +Needs design

Okay — but what do you expect that to look like? We were flying blind here: empty proposed solution in the issue summary, no designs.

So: the hard part is done — now we just need to tweak it to no longer have this less-than-great UX 😊

Project: Experience Builder » Drupal Canvas

Experience Builder has been renamed to Drupal Canvas in preparation for its beta release. You can now track issues on the new project page.