NetTalk Central
NetTalk Web Server => Web Server - Ask For Help => Topic started by: Thys on August 11, 2011, 05:01:04 AM
-
Hi,
I need to timeout a session due to inactivity after 1 minute. This is a setting on the webserver, but once timed-out there is now way to tell the user about the timeout. After asking Bruce how to gracefully handle session timeouts, I understood that the best would be not to act on the timeout, but rather use JavaScript to check for inactivity and prompt the user timely that the session will timeout.
I am at that point now to do this, but I don't have an idea where to start. Any help?
Thys
-
OK. To answer half of my own question, I found this in the Share Knowledge section:
http://www.nettalkcentral.com/index.php?option=com_smf&Itemid=36&topic=1518.0
It shows me how to add a timer - and it can actually logout the user. But my quest is only over when I find out how to show a popup window prompting the user to press continue or wait for the final 30 seconds to logout...
Thys
-
Not yet at my popup window yet, still coming...
I see that when there is a timer on the page (added on the page footer), it keeps on running whenever the user is filling in the form. If he takes longer than 60 seconds, the session is logged off - because there was no page re-load or refreshing of the counter.
I suspects that when any field on the form is completed, the counter needs to be restarted. How can I do that?
Thys
-
Hi Thys,
I have added a "visible" session timeout to the BasicWithLogin (3) example.
In this example I have added a bit to the xHtml of the "Heading when logged in" part of PageHeader tag. The html is
<td width="10%" class="nt-countdown">
Session Expires In:
<div id="countdown"></div>
</td>
This uses a css class (nt-countdown) for styling, some text (which you can change) and a <div> to hold the counter. Note the id of the div is "countdown".
then in the code for the PageHeaderTag is
if (p_web.GetSessionLoggedIn() and p_web.PageName <> 'LoginForm')
! parameter 1 is the session time
! parameter 2 is the name of the login page.
! parameter 3 is the id of the <div> in the html.
packet = clip(packet) & p_web.Script('startCountDown('& int(p_web.site.SessionExpiryAfterHS/100) &',"'& clip(p_web.site.LoginPage) &'","countdown");')
do SendPacket
end
Note I've used the name of the div as the 3rd parameter of the call to .Script.
The second parameter indicates the name of the page to goto when it expires.
this requires build 5.31 or later.
cheers
Bruce
-
>> I see that when there is a timer on the page (added on the page footer), it keeps on running whenever the user is filling in the form. If he takes longer than 60 seconds, the session is logged off - because there was no page re-load or refreshing of the counter.
correct. Even if you reset the counter after every field (which will happen if the fields are set as "automatically validate") - 1 minute is still a _really_ short timeout. Something as simple as a phone call, or having to lookup some info or whatever would cause the session to expire. This would make the site extremely frustrating to use. Even in secure sites, like banking sites, 10 to 15 minutes is the minimum I'd recommend.
Cheers
Bruce
-
Thanks Bruce, looks like you've been working hard on NetTalk.
I solved my problem with the timer on a long-winded page by calling an extra JavaScript function on every field that resets the timer to zero. In effect the user then has 60 seconds to complete a field and not the form as a whole. I'll stick with this for now, seems like the client likes the idea.
Thys
-
Hi Thys,
Forgive me for being blunt - but whether the client likes it or not it sounds like an epically dumb idea. I predict much pain and gnashing of teeth.
It's trivially easy to be distracted for a minute - perhaps on a phone call, or perhaps someone wanders into my office. To kill the session (and effectively throw away everything they've entered) after just 60 seconds to me sounds like a really really bad idea.
If the client thinks this is a good then I suggest the following test;
a) let him fill in the whole form up to somewhere near the end.
b) distract him by asking him a question, or giving him your invoice, or ask the secretary to pop and ask for a signature - anything that distracts him for a minute.
c) Observe his reaction when the session times out.
I think he may be less enamored by the idea after that demonstration.
Cheers
Bruce