Session Timeout
Overview
This plugin helps web page owners by providing session timeout and inactivity timeout functionality. When a user requests a page with this plugin implemented their session will begin. After the specified session period, they will be notified that their session is about to timeout. At this point, they will have the option to remain logged in by clicking "Continue session", or signing out by clicking "End session now".
At any time during the session, if the user remains idle for a specified amount of time, they will be notified that they're session is about to timeout. In either case, if the user does not respond to the timeout notification within a specified amount of time, once they click either "Continue session" or "End session now" they will be automatically redirected to the sign out page.
The plugin is setup using the following HTML:
<span class="wb-sessto" data-wb-sessto='{"inactivity": 1200000, "reactionTime": 30000, "sessionalive": 1200000, "logouturl": "./", "refreshCallbackUrl": "./"}'></span>
This allows you to configure the plugin:
- inactivity: inactivity period of time after which the modal dialog will appear (default 20 minutes).
- reactionTime: period of time the user has to perform an action once the modal dialog is displayed (default 3 minutes).
- sessionalive: period of time for the session to stay alive until the modal dialog appears (default 20 minutes).
- logouturl: URL used to end the session.
- signInUrl: URL that users are sent to when the session has expired.
- refreshCallback: The function used to check the response received from refreshCallbackUrl.
- refreshCallbackUrl: URL used to perform an ajax request to determine the validity of the session.
- refreshOnClick: Determines if clicking on the document should reset the inactivity timeout and perform an ajax request (if a refreshCallbackUrl has been specified).
- refreshLimit: Sets the amount of time that must pass before an ajax request can be made.
- method: Sets the request method used for ajax requests. Recommended: GET or POST.
- additionalData: Additional data to send with the request.
The only required parameter is logouturl, all other fields are optional. The default plugin code is:
<span class="wb-sessto" data-wb-sessto='{logouturl: "./"}'></span>
Note: The inactivity, reactionTime and sessionalive parameters are set in milliseconds. For help with the time values, use this time converter.
Note: Your sessionalive and inactivity parameters should be equal to your web server session alive time minus the reactionTime time. If you set your sessionalive time and inactivity time to the same as your web server without taking into consideration the reactionTime time then the session will have ended by the server as soon as the popup appears to extend the session.
Note: The server response needs to contain a message body. Don't use a request method (e.g. HEAD) that disallows a message body in the response.
How do I use it?
Add the following to the page:
<span class="wb-sessto" data-wb-sessto='{logouturl: "./"}'></span>
Try it out!
This page has a 30 seconds inactivity timeout period. You also have 3 minutes to confirm if you want to keep the session alive. Please wait for the prompt to appear.
Page details
- Date modified: