I have a private installation in a VM. I load ECL Watch and keep it open. After some amount of time, I am challenged to re-authenticate. I understand that timing out sessions is a designed feature, but I see multiple issues with the current implementation:
- I never authenticated. I never set a username or password, and have no idea what it expects for re-authentication. Pressing Unlock without entering values has no effect. Perhaps timed out sessions not associated with a credentialed user should merely report the timeout and provide a reconnect option.
- I can't enter a username value. I click in the field and the carat is displayed without blinking, and no key input is accepted. I am using Firefox (both in Ubuntu and on Windows), in case this is a browser issue.
- If I remove the path from the URL and reload the page, I get back into ECL Watch without authenticating. It seems wrong for an authentication challenge to be so easily bypassed.