The scenario is that a user should get notification (say via typical JS alert or redirect etc) when her session is about to be expired. Couple of ways this can be done is
- Using javascript time out function as explained here.
- Using Server Push using WebSockets which off course would need HTML5 support.
What are the relative merits/demerits of these two approaches? Apart from these, are there any other ways this can be achieved (some standard library etc). My back end is Java EE (Struts+Spring).
The scenario is that a user should get notification (say via typical JS alert or redirect etc) when her session is about to be expired. Couple of ways this can be done is
- Using javascript time out function as explained here.
- Using Server Push using WebSockets which off course would need HTML5 support.
What are the relative merits/demerits of these two approaches? Apart from these, are there any other ways this can be achieved (some standard library etc). My back end is Java EE (Struts+Spring).
Share Improve this question edited Apr 6, 2012 at 8:39 Arjan Tijms 38.2k12 gold badges111 silver badges143 bronze badges asked Apr 3, 2012 at 12:39 SantoshSantosh 17.9k4 gold badges57 silver badges79 bronze badges2 Answers
Reset to default 9By Using javascript timeout function, you need to ensure that if the user is making any AJAX calls your function should be reset as it should be treated as user activity.
If the using server push using websockets you may not be able to target users with not so latest browsers. You may have to use some signalling frameworks and even change your backend stack. (I can think of socket.io & SignalR as of now)
Both the approaches are not going degrade gracefully. So, IMO javascript option sounds better as it can target wider audience and that would require you to address some edge case scenarios. If I had a choice I would not implement this feature at all. But it hardly happens that way.
UPDATE: Here is another approach I could think of.
Every time a page gets served I would sent a Cookie which can be accessed in the client side which would contain the UTC time at which the session will timeout. In my code I would place a setInterval which would read the value and pare the local time with UTC and if it close, would display a popup window saying the timeout will happen in X seconds etc.
This again doesn't degrade gracefully and relies on the time of the client machine. So, if it is wrong this functionality will not work reliably.
What about creating a filter where you set a cookie with the number of seconds left until timeout?
So, you will always set that value to (session-config->session-timeout) * 60.
In the front side, using setInterval, you would update that cookie value by subtracting the interval to the current cookie value, that way you don't depend on time configuration.