Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-45632

Synchrony editor loses content despite saying 'Changes saved' when session expires

XMLWordPrintable

    • 1

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      The Confluence editor has always behaved in the worst possible way when a session expires – namely, it provides no hint that anything is wrong, until it's time to save, when you're redirected to the login page and lose all your work.

      Some developers might consider losing customer data under normal circumstances a hideous bug, but no, it was resolved as "won't fix due to limited demand" on CONF-29379.

      What's new is that Synchrony behaves even worse than the old editor. When a session expires mid-edit, as one types, Synchrony still displays a 'Saving changes' message:

      then replaced by a 'Changes saved' message when one stops typing:

      But this is a filthy lie, as can be seen if one watches the developer console. The changes aren't being saved:

      When one finally clicks 'Update', one just gets a spinner and nothing is saved.

      Steps to Replicate

      1. Load up Chrome and edit any page (assuming Synchrony enabled)
      2. Hit F12 to open the developer panel, go to the 'Applications' tab and view the page's cookies:
      3. Delete the JSESSIONID and 'seraph.confluence' cookies to simulate a session timeout with no 'remember me'.
      4. Continue editing. The editor will keep reporting 'Changes saved' despite obviously being unable to.
         

      Some Q&A:

      This must be wrong. Doesn't the editor display a warning when it can't save a draft?

      Confluence's editor displays a nice 'Error saving draft. No draft has been saved' message if it loses connection with the server. If it merely gets 403 errors, it continues happily pretending to save.

      If this bug is so terrible, why have I never encountered it?

      Because normally developers tick 'Remember me' when logging in. Also, the chances of having an editor open at the point of session expiration (1h) is moderately low.

      Why don't users tick 'Remember me'?

      Because it's unticked by default, and somewhat cryptic to the uninitiated.

      Also, some SSO systems like Okta work by storing users' credentials for them, providing an alternative login screen (e.g. Okta SWA), and logging in on behalf of users. Okta users in particular never get to set the 'Remember me' checkbox.

      Why isn't 'Remember me' ticked by default?

      You tell me.

        1. conf_cookies.png
          conf_cookies.png
          80 kB
        2. confedit_errors.png
          confedit_errors.png
          48 kB
        3. synchrony_saved.png
          synchrony_saved.png
          11 kB
        4. synchrony_saving.png
          synchrony_saving.png
          11 kB

            Unassigned Unassigned
            7c5359af675b Jeff Turner
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: