Session Timeout Management

From Documentation


Session Timeout Management


After a session is timeout, all desktops and UI objects it belongs are removed. If a user keeps accessing the desktop that no longer exists, ZK will prompt the user for the session-timeout situation. ZK supports several ways to prompt the user for session timeout:

  • Show a message
  • Redirect to another page
  • Totally Control by running JavaScript code

You could pick one depending on your application requirement. In additions, you could configure your application to enforce the user prompting to take place, without waiting the user's activity. It is called automatic timeout.

Show a Message

By default, a message is shown up to prompt the user and prevent from further accessing as depicted below.

DrSessTimeout.png

Custom Message

You could show a custom message by specifying timeout-message in WEB-INF/zk.xml. For example,

<session-config>
	<device-type>ajax</device-type>
	<timeout-message>Session timeout. Please reload.</timeout-timeout>
</session-config>

Internationalization

If you want to specify a Locale-dependent message, you could specify the key and prefix it with label: as follows.

<session-config>
	<device-type>ajax</device-type>
	<timeout-message>label:timeout</timeout-timeout>
</session-config>

Then, you have to prepare the i3-label properties files as described in the Labels section.

#i3-label.properties
timeout={
Session timeout.
(multi-line is allowed)
}

Redirect to Another Page

Sometimes it is better to redirect to another page that gives users more complete description and guides they to the other resources, or asks them to login again. You can specify the target URI, that you want to redirect users to when timeout, with [timeout-uri element] in WEB-INF/zk.xml. For example, the target URI is /timeout.zul and then you can add the following lines to zk.xml.

<session-config>
    <device-type>ajax</device-type>    
    <timeout-uri>/timeout.zul</timeout-uri>    
</session-config>

In addition to WEB-INF/zk.xml, you could change the redirect URI manually as follows.

Devices.setTimeoutURI("ajax", "/timeout.zul");

About Device: A device represents the client device, such as Ajax browsers and Android devices. Each desktop is associated with one device, and vice versa.

If you prefer to reload the page instead of redirecting to other URI, you can specify an empty URI as follows.

<session-config>
    <device-type>ajax</device-type>    
    <timeout-uri></timeout-uri>    
</session-config>

Total Control in JavaScript

If you want more amazing effect, you could provide some JavaScript code and configure ZK to run it if timeout. For example, demo shows up a message on the top of window with some animation, and then automatically reloads if it detects any mouse move (it means the user is back).

For example, you have a function called foo.timeout to handle the timeout effect, then you could configure WEB-INF/zk.xml as follows.

<session-config>
	<device-type>ajax</device-type>
	<timeout-message>script:foo.timeout('Session Timeout')</timeout-timeout>
</session-config>

The code depends on the client. For Ajax devices, it has to be JavaScript.

Automatic Timeout

By default, the session-timeout mechanism is triggered only if the client sends back a request (such as clicking on a button). If you prefer to prompt the user even if he doesn't do anything, you could specify the automatic-timeout element in WEB-INF/zk.xml as follows.

<session-config>
	<device-type>ajax</device-type>
	<automatic-timeout/>
</session-config>

Then, ZK Client will trigger the session-time mechanism (showing a message, redirecting to another page, or running some JavaScript code).

Page-level Automatic Timeout

If you want to specify whether to automatically timeout for particular pages, you can use the page directive.

Moreover, it is better to turn off the automatic timeout for the timeout page you want to redirect to (if the page is a ZUML page). For example,

<!-- my timeout page -->
<?page automaticTimeout="false"?>
...

Never Timeout

You can also prevent the session timeout by making a "keep-alive" timer. Set in zk.xml:

<session-config>
  <timer-keep-alive>true</timer-keep-alive>
</session-config>

and make a timer in your ZUL page:

<timer id="timerKeepAliveSession" repeats="true" delay="10000"/>

This will prevent the session to time out when the ZUL page is opened in the borwser. The session still timeouts when the user has navigated the browser away (or when the connection between browser and the server is broken). Instead of 10sec delay, you may set the timerKeepAliveSession more flexible, like session.getMaxInactiveInterval() * 100.

Version History

Last Update : 2010/11/19


Version Date Content
     



Last Update : 2010/11/19

Copyright © Potix Corporation. This article is licensed under GNU Free Documentation License.