Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How does session timeout work?
#10
(04-24-2019, 05:51 AM)DanBarclay Wrote: Yes, as Pete says, SessionTimeout with keepalive is mainly for detecting when the browser disappears.  It sometimes makes sense to time your user's activity in some other way.  I have done that.

Also, as Chad has indicated, SessionTimeout doesn't care whether a user or some other activity tickles it.  It starts over when the browser does something to indicate it's still there.  KeepAlive works exactly that way, as Pete described, it just sends a simple message to tickle the server.

If you take an empty form with a SessionTimeout and no Keepalive, your session WILL time out.  Add simple controls and it will still timeout.  Add some automatic refresh or other trigger and it won't.

You might want to play with it some.  That's the best way to find the boundaries and behavior.

Dan

Thank you I will play around with the settings to see what works out best. Currently looking at Server cookies, session cookies, session time out and IWServerControllerBaseCloseSession.

(04-23-2019, 04:45 PM)pete@pdmagic.com Wrote:
(04-23-2019, 01:26 PM)msgopala Wrote: Thank you for your replies. I unchecked the MainForm.KeepAlive, so its false now and the HTTPKeepAlive was already set to False. My Sessiontimeout is set to 30(minutes) but the page doesnt timeout. I kept it open abut minimized and when i entered data or refreshed it, the page didnt timeout.

Are there any other settings I need to check to make sure it works like it should?

Keep alive is an option.  It didn't even used to exist. I've got a pretty extensive app and have never used it.  

Without enabling KeepAlive, your session will time-out based on the sessiontimeout property.  A timeout occurs when the user doesn't have any interaction with the app/page for the duration of the sessiontimeout period.  So, with your 30 minute timeout, if you start a session and then don't touch the browser for 30 minutes, the timeout will occur.  But each time you interact with the page in the browser, the 30 minute timer starts over again.  When a session times out, nothing changes in the browser. (i.e. no popup or other message) The session is simply deleted on the server.  In fact, if you put a breakpoint in your UserSession destructor, you'll see it is hit when the session timeout limit occurs.  After a session times-out and the session has been destroyed on the server, any additional actions in the browser will result in the user being told that their session has timed out.  (you can let IW report this to the user, or you can handle it. that's a different topic)

The purpose of a KeepAlive option is to prevent time-outs.  SessionTimeout has almost no purpose if you enable KeepAlive.  KeepAlive is JS in the browser sending a tiny request every once in a while so that the server starts the timeout clock again.  The idea is that for as long as the form is displayed in the browser, and that JS runs, the session will never end. But when you close that browser window, the JS stops calling back to your app and the session will timeout.  (based on the sessiontimeout property)

That's my best explanation.  Now, in writing this explanation, something has occurred to me:
In my app, written before KeepAlive was an option, I set my clients' timeouts to about 4 hours.  I did this because I believed that they left the browser open on their desktop all day and didn't want to have to log in each time they clicked on it.  With the advent of KeepAlive, it would make much more sense to set the sessiontimeout to 10 minutes and enable KeepAlive. That way, as long as they leave the browser open on their desktop, the session will stay active.  But as soon as they close their browser, the session will wait 10 minutes and destroy itself.  I plan to implement that today because of your question. Thanks!

Pete

Thanks. the keepalive option had kept a lot of users logged in and it started to create a lag on our database, if they didnt close their browsers. To get around that I had to set keepalive to false.

 I am currently looking at the settings,  Server cookies, session cookies, session time out and IWServerControllerBaseCloseSession. to see what will work out best for us.

(04-23-2019, 02:32 PM)kudzu Wrote: "when i entered data or refreshed it"

When you do this, you are resetting the timer each time..... This is by design.

Ok, thank you
Reply


Messages In This Thread
How does session timeout work? - by msgopala - 04-22-2019, 01:51 PM
RE: How does session timeout work? - by kudzu - 04-22-2019, 01:56 PM
RE: How does session timeout work? - by msgopala - 04-22-2019, 02:36 PM
RE: How does session timeout work? - by kudzu - 04-22-2019, 06:58 PM
RE: How does session timeout work? - by msgopala - 04-23-2019, 01:26 PM
RE: How does session timeout work? - by kudzu - 04-23-2019, 02:32 PM
RE: How does session timeout work? - by msgopala - 04-24-2019, 07:05 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)