...
There are many different ways the applications can deal with the situation of user session expiring. The application could notify the user a bit before the application session is about to expire. It could also just keep the user application session from timing out by making automatic requests to the application at certain time intervals. Also the SSO session can be kept from expiring by using the techniques mentioned below in Preventing SSO and Application Session Expiration. If the user chooses to confirm the session, call the Ubisecure SSO uas/refresh address and refresh also the application session timer. If the user chooses to logout, call the logout process using the technique supported by the Web Agent Application or SAML SP in use.
Preventing SSO and Application Session Expiration
...
Here is an example of how to do the img tag style refresh that refreshes the SSO session every 10 minutes:
In HTML page HEAD:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<script type="text/javascript">
function sessionKeepAlive(imgName) {
myImg = document.getElementById(imgName);
if(myImg) myImg.src = myImg.src.replace(/\?.*$/, '?' + Math.random());
}
window.setInterval("sessionKeepAlive('keepAliveIMG')", 600000);
</script> |
Inside HTML BODY:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<img id="keepAliveIMG" width="1" height="1" src="https://www.example.com/uas/refresh/status.gif?"/> |
Here is an example code on how to keep application session refreshed with a whole-page refresh every 10 minutes:
In HTML HEAD:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<meta http-equiv="refresh" content="600" /> |
The img tag style refresh is recommended over the meta-refresh, because it does not reload the whole page and thus possibly lose some valuable data if the user was just filling out a form etc.
...
The idea here is to use JavaScript to check if the current page has been shown to user so long that the session is about to expire. When this happens, JavaScript code will load a session expiration page.
In HTML HEAD:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<script language="javascript" type="text/javascript" src="js/SessionExpiry.js"></script>
<script type="text/javascript">
var callback = function() {
// Take the user to another page just before session expiration.
document.location = "expiry.jsp";
};
// The time in milliseconds for the moment before actual session expiry (29 minutes)
var timeout = 1740000;
initializeExpiryTracking();
// The polling interval should be much less than the session timeout
// if users open multiple windows and all the windows are wanted to
// react to the session expiry somehow. If this is not important (or
// not preferred), just set the interval the same as the timeout.
window.setInterval("checkSessionExpiry(timeout, callback)", 5000);
</script> |
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
/**
* Initializes the session expiration tracking by marking the last
* http request time in a cookie.
*/
function initializeExpiryTracking() {
setCookie("lastRequestTime", new Date().getTime());
}
/**
* Checks if the time between now and last http request is bigger
* than the session timeout and if so, executes the callback function.
*
* @param timeout Session timeout
* @param callback a function that is called when session expiration
* happens
*/
function checkSessionExpiry(timeout, callback) {
lastRequestTimeString = getCookie("lastRequestTime");
lastRequestTime = parseInt(lastRequestTimeString);
if(new Date().getTime() - lastRequestTime >= timeout || cookieAlreadyDeleted()) {
deleteCookie("lastRequestTime");
callback();
}
}
function cookieAlreadyDeleted() {
return isNaN(lastRequestTime);
}
/**
* Returns a cookie value for the given cookie name.
*
* @param name
*/
function getCookie(name) {
var nameMatch = name + "=";
var cookieArray = document.cookie.split(';');
for(var i = 0; i < cookieArray.length; i++) {
var c = cookieArray[i];
while(c.charAt(0) == ' ') c = c.substring(1, c.length);
if(c.indexOf(nameMatch) == 0) return c.substring(nameMatch.length, c.length);
}
return null;
}
/**
* Sets a cookie with the given name and value. Uses default expiration and "/"
* as path.
*
* @param name
* @param value
*/
function setCookie(name, value) {
document.cookie = name + "=" + value + ";path=/";
}
/**
* Deletes a cookie with a given name from the "/" path.
*
* @param name
*/
function deleteCookie(name) {
if(getCookie(name)) {
document.cookie = name + "=" + ";path=/" + ";expires=Thu, 01-Jan-1970 00:00:01 GMT";
}
}
/**
* Changes the image src attribute of the image that has the given Id. This basically
* makes the browser to reload the image.
*
* @param imgName
*/
function sessionKeepAlive(imgName) {
myImg = document.getElementById(imgName);
if(myImg) myImg.src = myImg.src.replace(/\?.*$/, '?' + Math.random());
}
|
...
The idea here is basically the same as in the previous technique of taking user to a session expiration page. We just change the callback code to ask user whether he wants to refresh the session or not.In HTML HEAD section:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<script language="javascript" type="text/javascript" src="js/SessionExpiry.js"></script>
<script type="text/javascript">
var intervalId = 0;
var callback = function() {
// Here you can do whatever is wanted to be done just before session expiration.
if(confirm("Your session is about to expire. Do you want to continue the session?")) {
window.clearInterval(intervalId);
sessionKeepAlive("keepAliveIMG");
initializeExpiryTracking();
intervalId = window.setInterval("checkSessionExpiry(timeout, callback)", 5000);
} else {
document.location = "expiry.jsp";
}
};
// The time in milliseconds for the moment before actual session expiry
var timeout = 50000;
initializeExpiryTracking();
// The polling interval should be much less than the session timeout
// if users open multiple windows and all the windows are wanted to
// react to the session expiry somehow. If this is not important (or
// not preferred), just set the interval the same as the timeout.
intervalId = window.setInterval("checkSessionExpiry(timeout, callback)", 5000);
</script> |
...