Subscribe via FeedJeremy Hodge, Aug 21, 2009 9:48:29 PM
OK...HOLD ON!!!! Time for me to eat a bit of crow on this one for a moment. My previous example only worked because of some other code I had in the background of my app that was forcing a ?logout if it detected a condition where an idle session timeout occoured, deleting the DomAuthSessID cookie. SO, my previous example would not work under normal circumstances. I have updated the code below to do an ajax call to see if the session has timed out, and if so, then do the redirect.
My Apologies....
Here's a little gem that can be used to watch for a session that has timed out due to inactivity (Idle Session). This gets handy if you are using a lot of partial refreshes in XPages. If the user returns to the application after the Idle Timeout has occured, and performs an action that results in a partial refresh, you can get very bad results because the partial refresh will re-direct to the server login page, embedding itself partially in the refreshed section. The login may not work, and overall, it can do very bad things to your application's perceived "integrity".
Hence, this code snipet. It uses a javascript setInterval to check the contents of the page's cookie for the DomAuthSessID, if it finds it with the server via an ajax call to see if the session has expired. If it hasn't, it happily moves on and wil get called again in 16 mins, if not, it redirects to a login page, with a RedirectTo= set back to this page.
The code below checks every 16 mins (16 mins * 60 secs per minute * 1000 milliseconds = 960000). You'll probably want to play with the timeout interval to get a good balance of not checking too frequently, and not letting the session idle out before redirecting.
Also, if you use multi-server single sign on, you'll want to change it from checking for DomAuthSessID to lptatoken....
function checkLogin() {
dojo.xhrGet({
url : window.location.href.split('.nsf')[0] + ".nsf?opendatabase",
handleAs : 'text',
preventCache : true,
load : function(response, ioArgs) {
if (response.indexOf('action="/names.nsf?Login"')!=-1){
clearInterval();
window.location.href = window.location.href.split('.nsf')[0] + ".nsf?Login&RedirectTo=" + window.location.href
}
},
error : function(response, ioArgs) {
// Do any custom error handling here that you want to.
}
})
};
dojo.addOnLoad(function(){
setInterval("checkLogin()", 960000);
});
5 responses to Checking for Idle Session Timeout Client-Side and Redirecting
aj, February 4, 2010 7:24 AM
Hello,
I have a situation where when the user closes the browser window the user is "disconnected" from the chat application, its handled in dojo, but suppose when the user closes the browser through say a end task(in windows) how do we handle such a situation. Ideally i want to show that the user has been "disconnected" or "logged out" of the room. Im using dojo version 1.4. Any insight on this would be highly appreciated.
Jeremy Hodge, September 9, 2009 7:03 PM
@Nathan - Create a javascript library, and place the code in there. Any page that you want the check to occur, include the library.
Nathan, September 9, 2009 2:12 PM
Just a quick newby question......where would I place this code?
Jeremy Hodge, August 22, 2009 1:01 PM
Yes, It would be possible. If you look at the advanced in page login example I posted earlier on this blog, there is a link that pops up the ajax login dialog box. If you were to give the link an id, you should be able to call dojo.byId("IDGOESHERE").click() instead of the window.location.href and it would pop up the dialog to log in.
I'm sure you know already, but if you rely solely on countdown like you described, with xPages and partial refreshes, you would have to get the countdown to restart on every partial refresh, as you can't rely on the full page refresh to reset the counter (and each partial refresh would reset the idle time out). That's why its best to check back with the server...
Jan Schulz, August 22, 2009 12:33 PM
We use something similar (but a little dumper): just count down a little less than the normal idle countdown and popup a alert box.
Anyway: I wonder if it would be possible to detect, that the session timout is finished, it will show a small login window and autenticate the user again via ajax calls. Redirecting means that the users is pulled out of the normal workflow and might loose data (form content).
Jan