Smalltalk Frameworks & Tools Seaside Seaside General

Implementing a session timeout counter

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
jtuchel
Reply | Threaded
Open this post in threaded view
|

Implementing a session timeout counter

jtuchel
Hi,


I'd like to present our users a countdown in the browser that shows the
remaining time until the session times out.

The problems I see are not JavaScript timouts and stuff to make this
thing count down. My problem is more related to how to keep the counter
in sync with the server side timeout. I am not talking about msecs or
such, but the fact that there are at least two things that reset the
counter on the server side and that needs to be communicated to the
client: one is every standard callback processing, the other is Ajax
(and maybe in some applications we also have WebSockets involved).

I guess the best way to communicate the fact that the counter is back to
(say) 40 minutes is to use an HTTP Header that gets added to every
response, be it from some normal callback or Ajax callback. Do you guys
agree?

If we agree so far, we'd have to add some javascript code to all our
rendered pages that ask for that Header and reset/restart the countdown.

In case of complete-re-renders of a page this is probably something in
the load script, right?

For Ajax, I'd use JQuery's .ajaxComplete() to do the same. I guess there
is some way to access the headers and restart the timer.

Am I on the right track? Has anybody done this before? Maybe there
already is something available in Seaside?


The next wish on our list would be a button that a user can press in
order to keep the session alive without doing anything else. This, I
think, would be easy by just sending a little ajax request to the server
that does basically nothing. Everything else is implemented already when
the above-mentioned steps are done... right?

Bonus question: Should the http header be filled with the end datetime
of the session or the last tiome it was reset and to which value? In the
former case, how can I determine it on the server, given I don't want to
have the session timeout time in two places or a global


Thanks for your ideas and thoughts,


Joachim

--
-----------------------------------------------------------------------
Objektfabrik Joachim Tuchel          mailto:[hidden email]
Fliederweg 1                         http://www.objektfabrik.de
D-71640 Ludwigsburg                  http://joachimtuchel.wordpress.com
Telefon: +49 7141 56 10 86 0         Fax: +49 7141 56 10 86 1

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Esteban A. Maringolo
Reply | Threaded
Open this post in threaded view
|

Re: Implementing a session timeout counter

Esteban A. Maringolo
Hi Joachim,

On 08/05/2018 09:21, [hidden email] wrote:
> The problems I see are not JavaScript timouts and stuff to make this
> thing count down. My problem is more related to how to keep the counter
> in sync with the server side timeout. I am not talking about msecs or
> such, but the fact that there are at least two things that reset the
> counter on the server side and that needs to be communicated to the
> client: one is every standard callback processing, the other is Ajax
> (and maybe in some applications we also have WebSockets involved).

> I guess the best way to communicate the fact that the counter is back to
> (say) 40 minutes is to use an HTTP Header that gets added to every
> response, be it from some normal callback or Ajax callback. Do you guys
> agree?
> If we agree so far, we'd have to add some javascript code to all our
> rendered pages that ask for that Header and reset/restart the countdown.
> In case of complete-re-renders of a page this is probably something in
> the load script, right?

> For Ajax, I'd use JQuery's .ajaxComplete() to do the same. I guess there
> is some way to access the headers and restart the timer.

> Am I on the right track? Has anybody done this before? Maybe there
> already is something available in Seaside?
I don't know of something existing in Seaside, other than JQAjaxSetup,
for which you could define a global "ajaxSuccess" event handler that
will be invoked after each of your ajax requests (sucessful or not).

I use that (start/stop/error) global handlers to show "loading" messages
or errors if something went wrong (including a session a timeout).

You should check whether the response is valid or not there.

When there is a full page request, you set that on a regular <script> or
`addLoadScript:` script.

> The next wish on our list would be a button that a user can press in
> order to keep the session alive without doing anything else. This, I
> think, would be easy by just sending a little ajax request to the server
> that does basically nothing. Everything else is implemented already when
> the above-mentioned steps are done... right?
A non-op ajax callback would fulfill that given the above was implemented.
> Bonus question: Should the http header be filled with the end datetime
> of the session or the last tiome it was reset and to which value? In the
> former case, how can I determine it on the server, given I don't want to
> have the session timeout time in two places or a global
I'd send the timeout in delta (seconds/millis) in order to avoid clock
offsets between the client and the server and compute the "last request
timestamp" based on the local clock, and then you can implement a
countdown clock locally based on that.

If needed, you could add a RequestFilter that adds such header.

In the case of websockets if you're using some sort of message "types",
you can have a special message to set the new timeout on the client.


Regards,

--
Esteban A. Maringolo
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Free forum by Nabble Edit this page