Topcoder-Platform/public-website-qa-bug-hunt
2
1
Fork 0
Code Issues 119 Pull Requests Wiki Activity

Session Idle Timeout Not Enforced - User Remains Logged In After 30 Minutes Idle #209

New Issue
Closed
opened 2025-09-22 10:40:46 -04:00 by swap12875d · 0 comments
swap12875d commented 2025-09-22 10:40:46 -04:00
Copy Link

Description:

After logging into the application and keeping the app idle for around 30 minutes, the user remains logged in and can still perform actions such as registering for challenges that require an active logged-in state. The application should automatically log out the user after the idle session timeout period to ensure session security and proper user state management.

Current URL:

https://www.topcoder.com/challenges

Steps to reproduce:

  1. Go to https://www.topcoder.com and log in to the application.

  2. Leave the application idle (without any user interaction) for approximately 30 minutes.

  3. Observe the user login state on the app.

  4. Attempt to register for any challenge or perform any action that requires the user to be logged in.

Actual results:

  • The user remains logged in despite the idle timeout period.

  • The user can perform all actions that require a logged-in state without being logged out.

  • Session timeout is not enforced, leading to potential security risks.

Expected results:

  • The application should automatically log out the user after the idle session timeout period (around 30 minutes).

  • Any actions requiring logged-in status should redirect or block access if the session has expired.

  • Proper session management should prevent unauthorized use after idle timeout.

Screenshots/Videos:

OS and Browser version:

Windows 11, Chrome 140.0.7339.186

VersionDetails:

Windows_chrome_version_screenshot

Device:

Windows Laptop

Reproducibility:

5/5 (reproducible every time)

#### Description: After logging into the application and keeping the app idle for around 30 minutes, the user remains logged in and can still perform actions such as registering for challenges that require an active logged-in state. The application should automatically log out the user after the idle session timeout period to ensure session security and proper user state management. #### Current URL: https://www.topcoder.com/challenges #### Steps to reproduce: 1. Go to https://www.topcoder.com and log in to the application. 2. Leave the application idle (without any user interaction) for approximately 30 minutes. 3. Observe the user login state on the app. 4. Attempt to register for any challenge or perform any action that requires the user to be logged in. #### Actual results: - The user remains logged in despite the idle timeout period. - The user can perform all actions that require a logged-in state without being logged out. - Session timeout is not enforced, leading to potential security risks. #### Expected results: - The application should automatically log out the user after the idle session timeout period (around 30 minutes). - Any actions requiring logged-in status should redirect or block access if the session has expired. - Proper session management should prevent unauthorized use after idle timeout. #### Screenshots/Videos: <video src="attachments/8c7bf347-d72b-467d-bbf6-1eb7100a124e" title="no ideal session timeout happening after long wait of 30 min ideal session.mp4" controls></video> #### OS and Browser version: Windows 11, Chrome 140.0.7339.186 VersionDetails: <img src='/attachments/1f354afb-af2d-44dc-8c03-73de2f71fa79' width='600' height='375' alt='Windows_chrome_version_screenshot'> #### Device: Windows Laptop #### Reproducibility: 5/5 (reproducible every time)
no ideal session timeout happening after long wait of 30 min ideal session.mp4
6.1 MiB
swap12875d added the ChromeWindowsFunctionalMacOSEdgeFirefox labels 2025-09-22 10:40:46 -04:00
nithya160925 added the Not a bug label 2025-09-24 15:18:48 -04:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
carousel
issues related to carousel on different pages
 Chrome
Content
An issue involving incorrect or outdated content
 data issue
duplicate
Edge
Firefox
Functional
An issue where a feature or function is not behaving as expected
 incomplete
incomplete steps, missing details
 Invalid
Issues that are not in scope, not reproducible, incomplete, etc
 MacOS
Not a bug
Out of Scope
P: Account Settings
P: AI Hub
P: Blog
P: Challenge Details Page
P: Challenge Listing Page
P: Customer Stories Page
P: Freelancers Page
P: Help page
P: Help Page
P: Homepage
P: Marathon Tournament Page
P: My Profile
P: Review Opportunities Page
P: SignUp flow
P: Statistics Page
P: Talent Page
P: Terms and Policies
P: Thrive
P: Topcoder Academy
P: Topcoder Customer Account
Safari
S: Critical
The issue causes data loss, a system crash, or a major part of the application to be unusable. A workaround may exist, but it is not acceptable for end-users.
 S: High
he issue is a significant bug that affects a key feature, causes incorrect behavior, or results in a poor user experience. It needs to be addressed soon.
 S: Low
A minor issue with minimal impact, such as a typo, misaligned element, or a cosmetic flaw.
 S: Medium
The issue is a noticeable problem, but it doesn't break core functionality. It might be a UI issue, a confusing error message, or a minor functional bug.
 Trivial
UI
An issue concerning a visual design and layout (Ex: button misaligned, text is overlapping)
 UX
An issue that negatively affects the user's journey or usability
 valid
Windows
No Label Chrome Edge Firefox Functional MacOS Not a bug Windows
Milestone
No items
No Milestone
Assignees
Clear assignees
kiril.kartunov nithya160925 tester1234
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Topcoder-Platform/public-website-qa-bug-hunt#209
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?