renalware-core 2.0.148 → 2.0.149

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc532fe594f3e9543c134b831af132696f44881c88673d0aacbaaa78a3f9022e
-  data.tar.gz: d15adf0bcb79edb855647ba4e73e1a7785cd0771b438348d6a1ff66032158b5c
+  metadata.gz: f6f402017b657476cbd3fbb3586210987688063fe3168b529fe9dca935b9ce11
+  data.tar.gz: 45f068499baf243025d6e1a09b9c0a685dc86d59dc07e3c2c6c0517b5c12adf5
 SHA512:
-  metadata.gz: 7c4cdc7709741aa5c19405fea7e84b96b6c11b11f0f569dc254ec11c9e1cd2a0e48d99a6dfb736040f8a60d0c1f494dbd40cddf1d823c0aa858ecd9ff37b50b1
-  data.tar.gz: aac97b39b0b13eb5a2d52bf80f3e22666fc325affc4f6fd5ea1b3cce0fdd43cb75604fb5521fe1162f2d867a8afe448ed92d4c8474dca13b00fc6a767ec82bd6
+  metadata.gz: 3396ecd803818a8fc285dc69f619cbd455ebda2f0788c54790e43488e8dd6c09f33ed954cc1188404b0f40c0f4127b5c3b26c96a15a14e0b7bcae6e4b57476ce
+  data.tar.gz: a241e179da4a434923a13f6eae4c5267880c0d375311322d580cb06e892877cade40d00af4263773e0a6b8deaf922db16c2cd366c4ba6154af118e6e8a30deab

data/app/assets/javascripts/renalware/components/session_timeout_redirect.js.erb

@@ -6,27 +6,32 @@
 // Note we don't want to poll if we are sat on the login page anyway. For one thing on Heroku it
 // would prevent a dyno sleeping, but its also a waste of resources.
 //
-$(document).ready(function() {
-  var login_path ="<%= Renalware::Engine.routes.url_helpers.new_user_session_path %>";
-  var defaultPollFreq = <%= Renalware.config.session_timeout_polling_frequency.to_i %>;
-  var frequency_s = defaultPollFreq;
+// Note this mechanism has been superceded by the session_timeout.js stimulus controller.
+//
+
+<% if Renalware.config.session_expiry_use_previous_mechansim %>
+  $(document).ready(function() {
+    var login_path ="<%= Renalware::Engine.routes.url_helpers.new_user_session_path %>";
+    var defaultPollFreq = <%= Renalware.config.session_timeout_polling_frequency.to_i %>;
+    var frequency_s = defaultPollFreq;
 
-  // This is a global window function so that we can call it directly from capybara tests to
-  // bypass having to wait for the session polling interval to tick over.
-  window.sessionTimeoutCheck = function(){
-    if(window.location.pathname != login_path) {
-      Rails.ajax({
-        type: "GET",
-        url: "<%= Renalware::Engine.routes.url_helpers.session_timed_out_path %>",
-        dataType: "html",
-        error: function(responseText, status, xhr) {
-          if (xhr.status == 401) {
-            window.location.reload()
+    // This is a global window function so that we can call it directly from capybara tests to
+    // bypass having to wait for the session polling interval to tick over.
+    window.sessionTimeoutCheck = function(){
+      if(window.location.pathname != login_path) {
+        Rails.ajax({
+          type: "GET",
+          url: "<%= Renalware::Engine.routes.url_helpers.check_session_expired_path %>",
+          dataType: "html",
+          error: function(responseText, status, xhr) {
+            if (xhr.status == 401) {
+              window.location.reload()
+            }
           }
-        }
-      });
-    }
-  };
+        });
+      }
+    };
 
-  setInterval(window.sessionTimeoutCheck, (frequency_s * 1000));
-});
+    setInterval(window.sessionTimeoutCheck, (frequency_s * 1000));
+  });
+<% end %>

data/app/assets/javascripts/renalware/core.js.erb

@@ -57,3 +57,5 @@ window.console = window.console || { log: function() {} };
 <% if Rails.env.test? %>
   $.fx.off = true;
 <% end %>
+
+$.fn.select2.defaults.set( "width", "100%" );

data/app/assets/javascripts/renalware/rollup_compiled.js

@@ -4036,6 +4036,173 @@ var _default$6 = function(_Controller) {
 
 _defineProperty(_default$6, "targets", [ "chart" ]);
 
+var Rails$1 = window.Rails;
+
+var _ = window._;
+
+var _default$7 = function(_Controller) {
+  _inherits(_default, _Controller);
+  var _super = _createSuper(_default);
+  function _default() {
+    var _this;
+    _classCallCheck(this, _default);
+    for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
+      args[_key] = arguments[_key];
+    }
+    _this = _super.call.apply(_super, [ this ].concat(args));
+    _defineProperty(_assertThisInitialized(_this), "checkForSessionExpiryTimeout", null);
+    _defineProperty(_assertThisInitialized(_this), "userActivityDetected", false);
+    _defineProperty(_assertThisInitialized(_this), "checkAlivePath", null);
+    _defineProperty(_assertThisInitialized(_this), "keepAlivePath", null);
+    _defineProperty(_assertThisInitialized(_this), "loginPath", null);
+    _defineProperty(_assertThisInitialized(_this), "throttledRegisterUserActivity", null);
+    _defineProperty(_assertThisInitialized(_this), "sessionTimeoutSeconds", 0);
+    _defineProperty(_assertThisInitialized(_this), "defaultSessionTimeoutSeconds", 20 * 60);
+    _defineProperty(_assertThisInitialized(_this), "throttlePeriodSeconds", 0);
+    _defineProperty(_assertThisInitialized(_this), "defaultThrottlePeriodSeconds", 20);
+    return _this;
+  }
+  _createClass(_default, [ {
+    key: "initialize",
+    value: function initialize() {
+      this.throttlePeriodSeconds = parseInt(this.data.get("register-user-activity-after") || this.defaultThrottlePeriodSeconds);
+      this.sessionTimeoutSeconds = parseInt(this.data.get("timeout") || this.defaultSessionTimeoutSeconds);
+      this.sessionTimeoutSeconds += 10;
+      this.checkAlivePath = this.data.get("check-alive-path");
+      this.loginPath = this.data.get("login-path");
+      this.keepAlivePath = this.data.get("keep-alive-path");
+      this.logSettings();
+      this.throttledRegisterUserActivity = _.throttle(this.registerUserActivity.bind(this), this.throttlePeriodSeconds * 1e3, {
+        leading: false,
+        trailing: true
+      });
+    }
+  }, {
+    key: "connect",
+    value: function connect() {
+      if (this.onLoginPage) {
+        this.log("connect: onLoginPage - skipping session time");
+      } else {
+        this.addHandlersToMonitorUserActivity();
+        this.resetCheckForSessionExpiryTimeout(this.sessionTimeoutSeconds);
+      }
+    }
+  }, {
+    key: "disconnect",
+    value: function disconnect() {
+      if (!this.onLoginPage) {
+        this.removeUserActivityHandlers();
+        clearTimeout(this.checkForSessionExpiryTimeout);
+      }
+    }
+  }, {
+    key: "sendLogoutMessageToAnyOpenTabs",
+    value: function sendLogoutMessageToAnyOpenTabs() {
+      window.localStorage.setItem("logout-event", "logout" + Math.random());
+    }
+  }, {
+    key: "registerUserActivity",
+    value: function registerUserActivity() {
+      this.sendRequestToKeepSessionAlive();
+      this.resetCheckForSessionExpiryTimeout(this.sessionTimeoutSeconds);
+    }
+  }, {
+    key: "resetCheckForSessionExpiryTimeout",
+    value: function resetCheckForSessionExpiryTimeout(intervalSeconds) {
+      this.log("resetting session expiry timeout ".concat(intervalSeconds));
+      clearTimeout(this.checkForSessionExpiryTimeout);
+      this.checkForSessionExpiryTimeout = setTimeout(this.checkForSessionExpiry.bind(this), intervalSeconds * 1e3);
+    }
+  }, {
+    key: "checkForSessionExpiry",
+    value: function checkForSessionExpiry() {
+      this.sendRequestToTestForSessionExpiry();
+      this.resetCheckForSessionExpiryTimeout(this.throttlePeriodSeconds * 2);
+    }
+  }, {
+    key: "sendRequestToKeepSessionAlive",
+    value: function sendRequestToKeepSessionAlive() {
+      this.ajaxGet(this.keepAlivePath);
+    }
+  }, {
+    key: "sendRequestToTestForSessionExpiry",
+    value: function sendRequestToTestForSessionExpiry() {
+      this.log("checking for session expiry");
+      this.ajaxGet(this.checkAlivePath);
+    }
+  }, {
+    key: "ajaxGet",
+    value: function ajaxGet(path) {
+      Rails$1.ajax({
+        type: "GET",
+        url: path,
+        dataType: "text",
+        error: this.reloadPageIfAjaxRequestWasUnauthorised.bind(this)
+      });
+    }
+  }, {
+    key: "reloadPageIfAjaxRequestWasUnauthorised",
+    value: function reloadPageIfAjaxRequestWasUnauthorised(responseText, status, xhr) {
+      if (xhr.status == 401) {
+        window.location.reload();
+        this.sendLogoutMessageToAnyOpenTabs();
+      }
+    }
+  }, {
+    key: "addHandlersToMonitorUserActivity",
+    value: function addHandlersToMonitorUserActivity() {
+      document.addEventListener("click", this.throttledRegisterUserActivity.bind(this));
+      document.addEventListener("keydown", this.throttledRegisterUserActivity.bind(this));
+      window.addEventListener("resize", this.throttledRegisterUserActivity.bind(this));
+      window.addEventListener("storage", this.storageChange.bind(this));
+    }
+  }, {
+    key: "removeUserActivityHandlers",
+    value: function removeUserActivityHandlers() {
+      document.removeEventListener("click", this.throttledRegisterUserActivity.bind(this));
+      document.removeEventListener("keydown", this.throttledRegisterUserActivity.bind(this));
+      window.removeEventListener("resize", this.throttledRegisterUserActivity.bind(this));
+      window.removeEventListener("storage", this.storageChange.bind(this));
+    }
+  }, {
+    key: "logSettings",
+    value: function logSettings() {
+      if (this.debug) {
+        this.log("keepAlivePath ".concat(this.keepAlivePath));
+        this.log("checkAlivePath ".concat(this.checkAlivePath));
+        this.log("loginPath ".concat(this.loginPath));
+        this.log("sessionTimeoutSeconds ".concat(this.sessionTimeoutSeconds));
+        this.log("throttlePeriodSeconds ".concat(this.throttlePeriodSeconds));
+      }
+    }
+  }, {
+    key: "log",
+    value: function log(msg) {
+      if (this.debug) {
+        console.log(msg);
+      }
+    }
+  }, {
+    key: "storageChange",
+    value: function storageChange(event) {
+      if (event.key == "logout-event") {
+        setTimeout(this.sendRequestToTestForSessionExpiry.bind(this), 2e3);
+      }
+    }
+  }, {
+    key: "onLoginPage",
+    get: function get() {
+      return window.location.pathname == this.loginPath;
+    }
+  }, {
+    key: "debug",
+    get: function get() {
+      return this.data.get("debug");
+    }
+  } ]);
+  return _default;
+}(Controller);
+
 var application = Application.start();
 
 application.register("toggle", _default);
@@ -4052,4 +4219,6 @@ application.register("prescriptions", _default$5);
 
 application.register("charts", _default$6);
 
+application.register("session", _default$7);
+
 window.Chartkick.use(window.Highcharts);

data/app/assets/stylesheets/renalware/partials/_simple_form.scss

@@ -122,7 +122,7 @@
       }
     }
 
-    &.wrapper_size_large {
+    &.wrapper_size_lg {
       > .wrapper__input {
         @media #{$medium-only} {
           @include grid-column(8, $last-column: false);
@@ -133,7 +133,7 @@
       }
     }
 
-    &.wrapper_size_small {
+    &.wrapper_size_sm {
       > .wrapper__input {
         @media #{$medium-up} {
           @include grid-column(4, $last-column: false);

data/app/components/renalware/hd/administer_prescription_dropdown_component.html.slim

@@ -14,7 +14,7 @@ ul.f-dropdown#hd-prescription-options(data-dropdown-content aria-hidden="true")
   - else
     - prescriptions_to_give_on_hd.each do |prescription|
       = dropdown_btn_item title: prescription.drug_name,
-                          url: renalware.new_hd_prescription_administration_path(prescription),
+                          url: renalware.new_hd_prescription_administration_path(prescription, format: :html),
                           data: { "reveal-id" => "hd-prescription-administration-modal",
                           "reveal-ajax" => "true" }
 

data/app/controllers/renalware/base_controller.rb

@@ -11,13 +11,13 @@ module Renalware
     after_action :verify_authorized
 
     # A note on ahoy tracking:
-    # has_user_timed_out is defined on SessionTimeoutController
+    # check_session_expired is defined on SessionTimeoutController
     # using this in the that controller
-    #   skip_before_action :track_ahoy_visit, only: has_user_timed_out
+    #   skip_before_action :track_ahoy_visit, only: check_session_expired
     # does not seem to work hence this global blacklist
 
     # rubocop:disable Rails/LexicallyScopedActionFilter
-    after_action :track_action, except: [:has_user_timed_out, :status]
+    after_action :track_action, except: :status
     # rubocop:enable Rails/LexicallyScopedActionFilter
 
     rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized

data/app/controllers/renalware/session_timeout_controller.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# This controller exposes a has_user_timed_out action which is invoked via Ajax on a JavaScript
+# This controller exposes a check_session_expired action which is invoked via Ajax on a JavaScript
 # timer and will cause the user to be redirected to the login page if their session has expired
 # due to a period of activity. The redirect happens because of a generic Ajax error handling
 # JavaScript - see ajax_errors.js - which causes the page to reload after any Ajax 401 error
@@ -11,35 +11,38 @@
 #
 module Renalware
   class SessionTimeoutController < BaseController
-    prepend_before_action :skip_timeout, only: :has_user_timed_out
-    skip_before_action :authenticate_user!, only: :has_user_timed_out
-    skip_before_action :track_ahoy_visit, only: :has_user_timed_out
-    protect_from_forgery except: [:has_user_timed_out, :reset_user_clock]
+    prepend_before_action :skip_timeout, only: :check_session_expired
+    skip_before_action :authenticate_user!, only: :check_session_expired
+    skip_before_action :track_ahoy_visit
+    protect_from_forgery only: []
+    after_action :track_action, only: []
 
     # Note this action will NOT update the session activity (thus keeping the session alive)
     # because we invoke #skip_timeout at the beginning of the filter chain.
     # We could return the amount of time remaining before the session expires like so
     #   time_left = Devise.timeout_in - (Time.now - user_session["last_request_at"]).round
     # and display this to the user if required.
-    # rubocop :disable Naming/PredicateName
-    def has_user_timed_out
-      skip_authorization
+    def check_session_expired
+      skip_authorization # pundit
       if referrer_is_a_devise_url? || !current_users_session_has_timed_out?
-        head(:ok)
+        head :ok
       else
-        flash[:notice] = "Your session timed due to inactivity. Please log in again."
         head :unauthorized
       end
     end
-    # rubocop :enable Naming/PredicateName
 
-    # A user could invoke this action to keep their session alive, by for example
-    # clicking on a "Keep my session active" button which makes an ajax call to this action.
-    # Note this will keep the session alive because we have not invoked skip_timeout before
-    # action, so, like all actions on all controllers, the user's last_request_at time stamp is
+    # session_controller.js invoked this action to when there is user activity on the page
+    # to update the session window.
+    # Note this will keep the session alive because we have NOT invoked skip_timeout before the
+    # action, so, like all controller actions, the user's last_request_at time stamp is
     # updated in their session cookie.
-    def reset_user_clock
-      head :ok
+    def keep_session_alive
+      skip_authorization # pundit
+      if referrer_is_a_devise_url? || !current_users_session_has_timed_out?
+        head :ok
+      else
+        head :unauthorized
+      end
     end
 
     private

data/app/javascript/renalware/controllers/session_controller.js

@@ -0,0 +1,223 @@
+
+const Rails = window.Rails
+const _ = window._
+import { Controller } from "stimulus"
+
+// This controller has 3 related functions
+// - Keep a users session alive
+//   Keep the user's session alive if they are 'active' (there are keypresses,
+//   clicks or resize events on the same page) by sending a throttled ajax
+//   request to reset the session window which will prevent their session
+//   expiring and throwing them out when they are for example writing a long
+//   letter (which they would otherwise not finish before their session expires)
+// - Auto logging-out a user after a period of inactivity
+//   Check after a period of intactivity to see if their session has expired.
+//   If it has then refresh the page which will redirect them to the login page.
+// - Signalling to other open tabs when the user's session has expired or they
+//   have manually logged out - so that all tabs go to the login page at around
+//   the same time.
+//
+// Goals:
+// - Performance and code clarity more important than having an accurate session
+//   window - if it is extended for a minute or two that is OK.
+// - The server should always be the judge of whether the session has timed out
+// - Query the server as little as possible - partly for performance and partly
+//   to avoid noise in the server logs
+// - Keep event handler activity minimal to preserve CPU cycles - ie use
+//   throttle or debounce
+//
+// Possible enhancements:
+// - After a period of inactivity, show a dialog asking if user wants to extend
+//   the session - this would involve starting a separate timer and displaying
+//   the countdown
+//
+// Scenarios to test:
+// - Keypresses, clicks and window resizing - any of these should reset session
+//   and thus the user remains logged in as long as one of these events ocurrs
+//   within sessionTimeoutSeconds
+// - User closes lid on laptop overnight and reopens in the morning - what is
+//   expected?
+// - Network disconnected - what do we do?
+// - user gets withing 10 seconds of session timeout and starts typing - session
+//   window shoud be reset
+// - user has > 1 tab open and logs out of one - ideally it should log out of
+//   other tabs before too long. We do by setting a localStorage value to signal
+//   to other tabs
+//
+// Known issues:
+// - user sitting on register page will keep polling checkAlivePath
+// - if a user becomes active on a page within throttlePeriodSeconds of
+//   sessionTimeoutSeconds then there is no currently opportunity for
+//   throttledRegisterUserActivity to reset kick in a trump
+//   checkForSessionExpiryTimeout - so the session will log out. We might need
+//   an extra step before calling checkForSessionExpiry - a final chance to
+//   check if the user was
+//   active
+// - Not quite sure if putting the data attribute config settings in the body
+//   tag is the right thing to do - perhaps should be in a config .js.erb
+export default class extends Controller {
+  checkForSessionExpiryTimeout = null
+  userActivityDetected = false
+  checkAlivePath = null
+  keepAlivePath = null
+  loginPath = null
+  throttledRegisterUserActivity = null
+  sessionTimeoutSeconds = 0
+  defaultSessionTimeoutSeconds = 20 * 60 // 20 mins
+  throttlePeriodSeconds = 0
+  defaultThrottlePeriodSeconds = 20
+
+  initialize() {
+    this.throttlePeriodSeconds = parseInt(this.data.get("register-user-activity-after") || this.defaultThrottlePeriodSeconds)
+    this.sessionTimeoutSeconds = parseInt(this.data.get("timeout") || this.defaultSessionTimeoutSeconds)
+    this.sessionTimeoutSeconds += 10 // To allow for network roundtrips etc
+    this.checkAlivePath = this.data.get("check-alive-path")
+    this.loginPath = this.data.get("login-path")
+    this.keepAlivePath = this.data.get("keep-alive-path")
+    this.logSettings()
+
+    // Throttle the user activity callback because we only need to know about user activity
+    // only very occasionally, so that we can periodically tell there server the user was active.
+    // Here, even if there are hundreds of events (click, keypress etc) within throttlePeriodSeconds,
+    // our function is only called at most once in that period, when throttlePeriodSeconds has
+    // passed (since trailing = true). This suits is as we want to avoid making any call to the
+    // server unless the user has been on the page for at least throttlePeriodSeconds.
+    // See https://lodash.com/docs/#trottle
+    this.throttledRegisterUserActivity = _.throttle(
+      this.registerUserActivity.bind(this),
+      this.throttlePeriodSeconds * 1000,
+      { "leading": false, "trailing": true }
+    )
+  }
+
+  connect() {
+    if (this.onLoginPage) {
+      this.log("connect: onLoginPage - skipping session time")
+    } else {
+      this.addHandlersToMonitorUserActivity()
+      this.resetCheckForSessionExpiryTimeout(this.sessionTimeoutSeconds)
+    }
+  }
+
+  disconnect() {
+    if (!this.onLoginPage) {
+      this.removeUserActivityHandlers()
+      clearTimeout(this.checkForSessionExpiryTimeout)
+    }
+  }
+
+  sendLogoutMessageToAnyOpenTabs() {
+    window.localStorage.setItem("logout-event", "logout" + Math.random())
+  }
+
+  // Debounced event handler for key/click/resize
+  // If we come in there then the user has interacted with the page
+  // within throttlePeriodSeconds
+  registerUserActivity() {
+    this.sendRequestToKeepSessionAlive()
+    this.resetCheckForSessionExpiryTimeout(this.sessionTimeoutSeconds)
+  }
+
+  // Timeout handler for checking if the sesison has expired
+  resetCheckForSessionExpiryTimeout(intervalSeconds) {
+    this.log(`resetting session expiry timeout ${intervalSeconds}`)
+    clearTimeout(this.checkForSessionExpiryTimeout)
+    this.checkForSessionExpiryTimeout = setTimeout(
+      this.checkForSessionExpiry.bind(this),
+      intervalSeconds * 1000
+    )
+  }
+
+  // Here we really expect the session to have expired. In case it hasn't
+  // we reset the timeout to check again. We could reset the timeout to be
+  // sessionTimeoutSeconds, but if when we checked for expiry we had only just
+  // missed it, we will end up staying on this page (assuming the user is
+  // inactive) for nearly twice as long as we need to. So we set the timeout
+  // to be throttlePeriodSeconds * 2, which gives time for the
+  // throttledRegisterUserActivity handler to reset the session again if it
+  // fires.
+  checkForSessionExpiry() {
+    this.sendRequestToTestForSessionExpiry()
+    this.resetCheckForSessionExpiryTimeout(this.throttlePeriodSeconds * 2)
+  }
+
+  sendRequestToKeepSessionAlive() {
+    this.ajaxGet(this.keepAlivePath)
+  }
+
+  sendRequestToTestForSessionExpiry() {
+    this.log("checking for session expiry")
+    this.ajaxGet(this.checkAlivePath)
+  }
+
+  ajaxGet(path) {
+    Rails.ajax({
+      type: "GET",
+      url: path,
+      dataType: "text",
+      error: this.reloadPageIfAjaxRequestWasUnauthorised.bind(this)
+    })
+  }
+
+  reloadPageIfAjaxRequestWasUnauthorised(responseText, status, xhr) {
+    if (xhr.status == 401) {
+      window.location.reload()
+      this.sendLogoutMessageToAnyOpenTabs()
+    }
+  }
+
+  addHandlersToMonitorUserActivity() {
+    document.addEventListener("click", this.throttledRegisterUserActivity.bind(this))
+    document.addEventListener("keydown", this.throttledRegisterUserActivity.bind(this))
+    window.addEventListener("resize", this.throttledRegisterUserActivity.bind(this))
+    window.addEventListener("storage", this.storageChange.bind(this))
+  }
+
+  removeUserActivityHandlers() {
+    document.removeEventListener("click", this.throttledRegisterUserActivity.bind(this))
+    document.removeEventListener("keydown", this.throttledRegisterUserActivity.bind(this))
+    window.removeEventListener("resize", this.throttledRegisterUserActivity.bind(this))
+    window.removeEventListener("storage", this.storageChange.bind(this))
+  }
+
+  logSettings() {
+    if (this.debug) {
+      this.log(`keepAlivePath ${this.keepAlivePath}`)
+      this.log(`checkAlivePath ${this.checkAlivePath}`)
+      this.log(`loginPath ${this.loginPath}`)
+      this.log(`sessionTimeoutSeconds ${this.sessionTimeoutSeconds}`)
+      this.log(`throttlePeriodSeconds ${this.throttlePeriodSeconds}`)
+    }
+  }
+
+  log(msg) {
+    if (this.debug) {
+      console.log(msg)
+    }
+  }
+
+  // An event handler to watch for changes in the value of the local storage item called
+  // 'logged_in'. We use localStorage as a cross-tab communication protocol: when the user has
+  // logged out of one tab, this mechanism is used to signal to any other logged-in tabs that they
+  // should log themselves out.
+  // This applies in 2 circumstances:
+  // - the user has clicked the "Log Out" link in the navbar - the sendLogoutMessageToAnyOpenTabs()
+  //   action defined above is called
+  // - our tab has timed out due to inactivity; other open tabs may not timeout for another few
+  //   minutes (depending on the polling frequency etc) so we give them a nudge.
+  storageChange(event) {
+    if(event.key == "logout-event") {
+      setTimeout(this.sendRequestToTestForSessionExpiry.bind(this), 2000)
+    }
+  }
+
+  get onLoginPage() {
+    return window.location.pathname == this.loginPath
+  }
+
+  // If you add data-session-debug=1 then logging will be enabled
+  // This is evaluated each time we can add debugging into a running page
+  get debug() {
+    return this.data.get("debug")
+  }
+}