Session timeout

Overview

This sub project will help web asset owners provide session timeout and inactivity timeout functionality. When a user requests a page with this plugin implemented their session will begin. After the specified session period, they will be notified that their session is about to timeout. At this point, they will have the option to remain logged in by clicking "OK", or logging out by clicking "Cancel". At anytime during the session, if the user remains idle for a specified amount of time, they will be notified that they're session is about to time out. In either case, if the user does not respond to the timeout notification within a specified amount of time, once they click either "OK" or "Cancel" they will be automatically redirected to the log out page.

The code you're allowed to edit (within the page) is:

<span class="wet-boew-sessiontimeout" data-wet-boew='{"inactivity": 1200000, "reactionTime": 30000, "sessionalive": 1200000, "logouturl": "./", "refreshCallbackUrl": "./"}'></span>

This allows you to configure the plugin:

  • inactivity: This is the inactivity period of time after which the dialog message will appear.
  • reactionTime: This is the period of time the user has to perform an action with the dialog message.
  • sessionalive: This is the period of time for the session to stay alive until the dialog message appears.
  • logouturl: This is the URL that users are sent to when the session has expired.
  • refreshCallbackUrl: This is the URL to perform an ajax refresh, must return true/false.

The only required parameter is logouturl, all other fields are optional. The default code would be:

<span class="wet-boew-sessiontimeout"> data-wet-boew='{logouturl: "./"}'></span>

IMPORTANT NOTE: The inactivity, reactionTime and sessionalive parameters are set in milliseconds. The only required parameter is the logouturl. The default inactivity and sessionalive is set to 20 minutes with a 30 second confirmation time with the dialog message. The refreshCallbackUrl must not be a page containing the timeout function again as a loop will be created, it should be simply a viewless page that refreshes the session.

Need help with the conversion? See: http://www.calculateme.com/Time/Minutes/ToMilliseconds.htm

IMPORTANT NOTE: Your sessionalive and inactivity parameters should be equal to your web server session alive time minus the reactionTime time. If you set your sessionalive time and inactivity time to the same as your web server without taking into consideration the reactionTime time then the session will have ended by the server as soon as the popup appears to extend the session.

How do I use it?

Add the following to the page:

<span class="wet-boew-sessiontimeout" data-wet-boew='{logouturl: "./"}'></span>

Try it out!

This page has a 30 seconds inactivity timeout period. You also have 30 seconds to confirm if you want to keep the session alive. Please wait for the prompt to appear.