Session Timeout

Questions or comments?

Purpose

Create a session inactivity timeout that warns users when their session is about to expire.

This plugin helps web page owners by providing session timeout and inactivity timeout functionality. When a user requests a page with this plugin implemented their session will begin. After the specified session period, they will be notified that their session is about to timeout. At this point, they will have the option to remain logged in by clicking "Continue session", or signing out by clicking "End session now".

At any time during the session, if the user remains idle for a specified amount of time, they will be notified that they're session is about to timeout. In either case, if the user does not respond to the timeout notification within a specified amount of time, once they click either "Continue session" or "End session now" they will be automatically redirected to the sign out page.

Use when

Working example

Basic example

Example with signInUrl option

How to implement

  1. Add a class="wb-sessto" element to the web page (only required once). You must set the logouturl, which controls where the user is redirected if their session expires: 
    <span class="wb-sessto" data-wb-sessto='{"logouturl": "https://app.gc.ca/logout"}'></span>
  2. Configure the plugin using the data-wb-sessto attribute of the element: 
    <span class="wb-sessto" data-wb-sessto='{
	"inactivity": 1200000,
	"reactionTime": 30000,
	"sessionalive": 1200000,
	"logouturl": "./",
	"signInUrl": "./",
	"refreshCallbackUrl": "./",
	"refreshOnClick": true,
	"refreshLimit": 200000,
	"method": "POST",
	"additionalData": null}'></span>

Configuration options

All configuration options of the plugin are controlled by the data-wb-sessto attribute or window[ "wb-sessto" ]. Any configuration parameter that accepts a time value, can optionally have the time unit specified (e.g. "100 ms").

Supported time units are:

Option Description How to configure Values
inactivity Sets the inactivity timeout. Once this expires, the plugin's modal dialog will appear and prompt the user to continue or end their session. Provide a numeric value, optionally with a time unit appended.
None (default):
Default inactivity period is 20 minutes.
Numeric value:
Treated as a millisecond value.
String numeric value with time unit appended (e.g. "100 s"):
Treated as a time value in the provided unit.
reactionTime Sets the period of time the user has to perform an action once the modal dialog is displayed Provide a numeric value, optionally with a time unit appended.
None (default):
Default reaction time is 3 minutes.
Numeric value:
Treated as a millisecond value.
String numeric value with time unit appended (e.g. "100 s"):
Treated as a time value in the provided unit.
sessionalive Sets the period of time before an ajax request is made to the server to determine if the session is still alive. A refreshCallbackUrl must be specified for this to work. Provide a numeric value, optionally with a time unit appended.
None (default):
Default session alive time is 20 minutes.
Numeric value:
Treated as a millisecond value.
String numeric value with time unit appended (e.g. "100 s"):
Treated as a time value in the provided unit.
logouturl URL that users are sent to when their session has expired. Provide a URL.
None (default):
Default logout URL is "./"
String URL:
The URL to redirect to once the session has expired.
signInUrl URL to the Sign-In page. Provide a URL.
None (default):
Default sign-in Url is null.
String URL:
The URL to the Sign-In page. The logout URL is used if none is provided.
refreshCallback The function used to check the response received from refreshCallbackUrl. This parameter cannot be specified on the data-wb-sessto attribute. Provide a function.
None (default):
The response is matched exactly to the literal string "true".
Function:
The function needs to accept a single string parameter, which will be the response body text. It must return true if the session is alive, or false otherwise.
refreshCallbackUrl URL used to perform an ajax request to determine the validity of the session. See the method and refreshCallback parameters for more details. Provide a URL.
None (default):
No ajax request will be performed.
String URL:
An ajax request (POST) will be made to the URL.
refreshOnClick Determines if clicking on the document should reset the inactivity timeout and perform an ajax request (if a refreshCallbackUrl has been specified). Provide a boolean true/false value.
None (default):
true (refresh on click is turned on)
Boolean:
true/false.
refreshLimit Sets the amount of time that must pass before an ajax request can be made. Provide a numeric value, optionally with a time unit appended.
None (default):
Default refresh limit is 2 minutes.
Numeric value:
Treated as a millisecond value.
String numeric value with time unit appended (e.g. "100 s"):
Treated as a time value in the provided unit.
method Sets the request method used for ajax requests. While all methods are accepted, the response must contain a message body therefore methods that preclude this are not recommended. Recommended: GET, POST. Provide a string value.
None (default):
The POST request method is used.
String:
Treated as the request method (HTTP verb). The method is used as entered.
additionalData Additional data to send with the request. Provide a string value, array, object or null.
None or null (default):
No additional data is sent with the request.
String:
Treated as a query string of the form key1=value1&key2=value2 and sent as-is.
Array or object:
Converted to query string form before being sent with the request.

Events

Document the public events that can be used by implementers or developers.

Event Trigger What it does
wb-init.wb-sessto Triggered manually (e.g., $( ".wb-sessto" ).trigger( "wb-init.wb-sessto" );). Initializes the plugin and starts the session and inactivity timeouts. Note: the session timeout plugin will be initialized automatically unless the .wb-sessto element is added after the page has already loaded.
wb-ready.wb-sessto (v4.0.5+) Triggered automatically after the Session timeout plugin initializes. Used to identify when and where the Session timeout plugin initializes (target of the event). 
$( document ).on( "wb-ready.wb-sessto", ".wb-sessto", function( event ) {
});
$elm.on( "wb-ready.wb-sessto", function( event ) {
});
inactivity.wb-sessto Triggered manually and by the plugin (e.g., $( ".wb-sessto" ).trigger( "inactivity.wb-sessto" );). Causes the modal dialog to appear and prompt the user to continue or end their session. This event is triggered automatically when the inactivity timeout expires.
keepalive.wb-sessto Triggered manually and by the plugin (e.g., $( ".wb-sessto" ).trigger( "keepalive.wb-sessto" );). Causes an ajax request to be made (if a refreshCallbackUrl has been specified). This will alert the user that their session has expired if the refreshCallbackUrl response is not "true".
reset.wb-sessto Triggered manually and by the plugin (e.g., $( ".wb-sessto" ).trigger( "reset.wb-sessto" );). Restarts the inactivity and keepalive timeouts.
wb-ready.wb (v4.0.5+) Triggered automatically when WET has finished loading and executing. Used to identify when all WET plugins and polyfills have finished loading and executing. 
$( document ).on( "wb-ready.wb", function( event ) {
});

Note: when manually triggering the inactivity, keepalive and reset events, you must pass the data-wb-sessto attribute as a second argument:

// Get a reference to the session timeout element and its data-wb-sessto attribute
var $element = $( ".wb-sessto" ),
	settings = $element.data( "wb-sessto" );

// Trigger the event on the element
$element.trigger( "reset.wb-sessto", settings );

Source code

Session timeout source code on GitHub

Date modified: