Session variables, flash messages, performance improvements and more

This update (c47d0e4) brings with it the following improvements:

New features

  • Session variables can now be used to store information for anonymous users. Only pre-approved variables can be used, and they have very limited size.
  • Whenever you perform an activity that stores some kind of information, you will now get a flash message about what happened when the page redirects. This message was not displayed earlier. Flash messages can have three severities: info, warning and error.
  • Anonymous users can now set their language preference using the manage_language() template function. This is not available in the default template, but sites can choose to use this feature as required. All three language settings can be set.
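The "pre-approved variables" and "very limited size" rule for anonymous session variables can be enforced at write time, as in this added example (not the project's own code). The variable names, byte limits, and the in-memory dict standing in for the Redis store are all assumptions.

```python
import json

# Assumed allowlist: variable name -> max serialized size in bytes.
# Names and limits are hypothetical, not the project's actual list.
ALLOWED_VARS = {
    "hide_left_panel": 8,
    "hide_motd": 8,
    "user_panel_section": 32,
    "file_browser_folder": 256,
}


class SessionVarError(ValueError):
    """Raised when a session variable write is rejected."""


def max_session_bytes():
    # Per-variable caps on a fixed allowlist bound the worst-case storage
    # an anonymous client can consume per session.
    return sum(ALLOWED_VARS.values())


class AnonymousSessionStore:
    def __init__(self):
        # session_id -> {name: serialized bytes}; stand-in for Redis
        self._data = {}

    def set(self, session_id, name, value):
        # Reject anything outside the allowlist before touching storage.
        if name not in ALLOWED_VARS:
            raise SessionVarError(f"variable not allowed: {name!r}")
        try:
            blob = json.dumps(value, separators=(",", ":")).encode("utf-8")
        except (TypeError, ValueError) as exc:
            raise SessionVarError("value is not JSON-serializable") from exc
        # Measure the serialized bytes, which is what actually gets stored.
        if len(blob) > ALLOWED_VARS[name]:
            raise SessionVarError(f"{name!r} exceeds {ALLOWED_VARS[name]} bytes")
        self._data.setdefault(session_id, {})[name] = blob

    def get(self, session_id, name, default=None):
        blob = self._data.get(session_id, {}).get(name)
        return default if blob is None else json.loads(blob)
```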

Performance improvements

  • Session authentication and information are now stored in a Redis database that should allow much higher concurrency than our old solution.
  • Avoid logging a lot of event information that is never displayed anywhere. Also removed 34 million old events which are no longer needed.

Security improvements

  • The session ID is no longer logged with the login event. Certain privileged users could use the logged ID to hijack sessions; this is no longer possible.
  • The online request handler now shows the IP addresses associated with the sessions if you're logged in as a global administrator. Guests are also displayed in the table.

Enhancements

  • Whenever you hide or show the left/right panels or the message of the day, this is now stored in a session variable instead of a cookie.
  • The user panel (right side of the screen) now uses a session variable to remember which section is open when the page is refreshed.
  • When you close the file browser, the last folder you were in is stored in a session variable and the next time you open it without a specific location you should be back where you were.
  • Whenever the message of the day is added or changed, users who have hidden it will see it again.
  • Flash messages are now used on CEFR sites to confirm that a report has been sent. This allows users to return to the report after sending it.
  • When storing an object using JSON response mode, the serialized object is now returned to the caller.

Bugfixes

  • Fix a partially hidden logout button issue in Google Chrome.
  • Fix a bug where the value 0 is not considered a valid label.
  • Make multi-select in the inbox and outbox more consistent with normal UI behavior.

Removals

  • The old time log request handler which was replaced with the page views report has now finally been removed. It's not been usable since February 2014.