Atozed Forums

Full Version: Enforce session timeout without user interaction
I am using Delphi 10.1 Berlin with IntraWeb 14.2.3.  We have an application running as an ISAPI DLL in IIS.  We are using the session timeout value (15 minutes) in the Server Controller which works, however it requires user action to trigger it.  In other words, if the session times out and a user tries to do something, they are redirected to a static HTML page indicating that their session has timed out and that they are required to log back in.  We really need the session timeout enforced and page redirect to occur even if no user activity occurs during the timeout period.  This is required for security purposes.  I have tried using the TIWTimer control with the onTimer event, however I don't know how to reset it if the user takes action on the screen such as clicking buttons.  It seems to start the timer when the form is first loaded.  Does anyone know how to address this situation?  Is there another option in IntraWeb 15?  Also we have hundreds of forms so even if the timer option works it is not ideal since we would need to modify every form and add the timer functionality to it.  Thanks.
Here's how I do it:

Add a TDateTime lastAccess variable to UserSession, set to Now() on creation.

Add a TIWTimer to the form, set Interval to 60000, and set the OnAsyncTimer event to something like:
  //logout after 5 min of no action
  if(SecondsBetween(Now(),lastAccess) > 298) {
    UserSession()->LogMsg("timeout");
    WebApplication->TerminateAndRedirect("/endDFWPE.html");
  }

Add 'lastAccess = Now();' to all events triggered by usage (button clicks, etc).

Set session timeout to something greater than OnAsyncTimer value test.



The app will now redirect to a static page after 5 min of no usage automatically.
I've tried putting a timer in a usersession but it did not trigger so I think a timer on each form might be the only way.  If you have hundreds of forms maybe use Visual Form Inheritance so that each form derived will have your timer and logic automatically.
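
The idle check from the "Here's how I do it" reply above, as an added example that is not part of the original posts: a plain C++ model (no IntraWeb; `SessionModel` and the function names are hypothetical) showing when the 60-second timer actually trips the 298-second limit. It goes one step beyond the post by also checking the limit in the user-action handler, which is an assumption of this example.

```cpp
#include <iostream>

// Model of the idle check from the reply above. Time is passed in as plain
// seconds so it runs without IntraWeb. Type and function names are
// hypothetical; lastAccess, the 60 s interval and the 298 s limit are the
// post's values.
const long kTimerInterval = 60;   // TIWTimer Interval of 60000 ms
const long kIdleLimit = 298;      // limit tested in the timer event

struct SessionModel {
    long lastAccess;              // set on creation and on real user actions
    bool terminated = false;
    explicit SessionModel(long now) : lastAccess(now) {}
};

// Timer event. It must not update lastAccess: the tick is a request made by
// the page itself, not by the user.
bool onTimerTick(SessionModel &s, long now) {
    if (now - s.lastAccess > kIdleLimit) s.terminated = true;
    return s.terminated;          // true = redirect to the timeout page
}

// Handler for a real user action. Assumption beyond the post: the limit is
// checked here too, so a page whose timer never fired cannot revive a stale
// session.
bool onUserAction(SessionModel &s, long now) {
    if (s.terminated || now - s.lastAccess > kIdleLimit) {
        s.terminated = true;
        return false;
    }
    s.lastAccess = now;
    return true;
}

// Fires ticks every kTimerInterval after `from`; returns the time of the
// tick that ends the session, or -1 if none does by `until`.
long firstTerminatingTick(SessionModel &s, long from, long until) {
    for (long t = from + kTimerInterval; t <= until; t += kTimerInterval)
        if (onTimerTick(s, t)) return t;
    return -1;
}

int main() {
    SessionModel s(0);            // constructed timeline: page loaded at t=0
    onUserAction(s, 2);           // one click at t=2, then nothing
    // Ticks at 60..300 pass (300-2 = 298 is not > 298); 360 trips the check.
    std::cout << "redirect at t=" << firstTerminatingTick(s, 0, 900) << "\n";
    return 0;
}
```

With a 60-second tick the redirect can come as late as 358 seconds after the last action, so the Server Controller session timeout has to sit above that figure rather than just above 298.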