Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Eclipse Scout » Persistent session (e.g. with cookies)
Persistent session (e.g. with cookies) [message #1858280] Sun, 26 March 2023 19:22 Go to next message
Michel R is currently offline Michel RFriend
Messages: 46
Registered: April 2015
Member
Hello,

I have a small Scout application with a simple Form based authentication (it uses the standard Scout login form).
There is a class implementing ICredentialVerifier to validate the user and password.

I would like to have persistent sessions, that is, if the user closes his browser without logout, and then reopens the application URL later, a cookie is kept (on the browser) and is used by the application to retrieve the principal and allow access from the same browser without a new authentication.

How can I achieve this with the Scout framework ?

Thank you
Michel
Re: Persistent session (e.g. with cookies) [message #1858287 is a reply to message #1858280] Mon, 27 March 2023 11:41 Go to previous messageGo to next message
Claudio Guglielmo is currently offline Claudio GuglielmoFriend
Messages: 259
Registered: March 2010
Senior Member
Hi Michel,

to make your cookie persistent, you have to set max-age in the cookie-config of your web.xml.
This should recover your http session as long as the houskeeping does not start, which typically is 30s after closing the tab (scout.ui.sessionstore.housekeepingDelay).
You may prevent housekeeping by setting the persistent flag on the UISession. This flag was actually introduced for the standalone mode on iOS, so there is no proper API for it, but you should be able to override the isPersistent method of the UISession (the session is a @Bean).
This will also put the client session id into the local storage, so the next time the browser is opened, the client session incl. state of the desktop will be recovered.
Re: Persistent session (e.g. with cookies) [message #1858305 is a reply to message #1858287] Tue, 28 March 2023 06:56 Go to previous messageGo to next message
Nils Israel is currently offline Nils IsraelFriend
Messages: 73
Registered: May 2010
Member
Hi Claudio, Hi Michel,
yesterday morning I didn't even know that I had this "problem" and yesterday afternoon it was already fixed. Works exactly as you said.
Thank you. :)

But, you know users, next thing they ask for: "Thanks, but what if my session times out while the browser is open. Can you show the session like it was after I log in again?".

Is there an easy solution for this, too?

Best
Nils
Re: Persistent session (e.g. with cookies) [message #1858308 is a reply to message #1858305] Tue, 28 March 2023 08:24 Go to previous messageGo to next message
Claudio Guglielmo is currently offline Claudio GuglielmoFriend
Messages: 259
Registered: March 2010
Senior Member
The state of the ClientSession is stored in the ui server and attached to the HttpSession. If the HttpSession times out, your webserver will remove it including all attached objects. So no, you cannot restore the ClientSession after a session timeout.
However, you could make sure the session does not expire that fast. If a user is active (creating requests by using the UI), the webserver will automatically increase the lifetime of the session. If the user is inactive but has the browser open, the background poller of Scout will keep the session alive, but only as long as specified by scout.ui.maxUserIdleTime (docs). So, you could increase that value. If the user closes the browser, the regular session timeout of your webserver (see web.xml) will come into place. You could increase this value as well, but keep in mind that the ClientSession uses quite a bit of memory. So I recommend to keep this value low to make sure the webserver can relase unused memory and won't go out of memory if many users connect.

[Updated on: Wed, 29 March 2023 10:20]

Report message to a moderator

Re: Persistent session (e.g. with cookies) [message #1859164 is a reply to message #1858280] Tue, 16 May 2023 20:08 Go to previous messageGo to next message
Nils Israel is currently offline Nils IsraelFriend
Messages: 73
Registered: May 2010
Member
Hello,
Just in case someone tries this at home:
Setting the max-age in the web.xml sets the expiration of the session cookie to a fixed value: login-time + max-age. This value is not renewed during the session. So after max-age expires, the app make a POST request to http://app.example.com/unload/UISESSIONID, the session is terminated and the user is prompted with a login screen.

If neither max-age nor expire is set, the cookie is valid as long as the browser tab is running and is deleted afterwards.

About a month ago I set the max-age to 7200s (2h). I thought the timeout of the session cookie would reset with each user interaction.
It took me some time to figure out that this setting was causing strange timeouts for our power users. Most of our users are only using the application for a few minutes at a time.

Claudio, can you confirm the the observed behaviour is intentional and correct?

Thanks
Nils
Re: Persistent session (e.g. with cookies) [message #1859279 is a reply to message #1859164] Fri, 26 May 2023 06:43 Go to previous message
Claudio Guglielmo is currently offline Claudio GuglielmoFriend
Messages: 259
Registered: March 2010
Senior Member
Hi Nils,

I must admin, I wasn't aware that maxAge will invalidate the session even if there are still connections. Thank you for letting us know!

Claudio
Previous Topic:[Solved] WAR files creation fail
Next Topic:Using Data Objects with standard eclipse scout
Goto Forum:
  


Current Time: Sat Dec 14 19:51:11 GMT 2024

Powered by FUDForum. Page generated in 0.03813 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top