Eclipse Community Forums: Eclipse Scout » Persistent session (e.g. with cookies)

Help

Home

Home » Eclipse Projects » Eclipse Scout » Persistent session (e.g. with cookies)

Show: Today's Messages :: Show Polls :: Message Navigator

Persistent session (e.g. with cookies) [message #1858280]

Sun, 26 March 2023 19:22

Michel R

Messages: 46
Registered: April 2015

Member

Hello,

I have a small Scout application with a simple Form based authentication (it uses the standard Scout login form).
There is a class implementing ICredentialVerifier to validate the user and password.

I would like to have persistent sessions, that is, if the user closes his browser without logout, and then reopens the application URL later, a cookie is kept (on the browser) and is used by the application to retrieve the principal and allow access from the same browser without a new authentication.

How can I achieve this with the Scout framework ?

Thank you
Michel

Report message to a moderator

Re: Persistent session (e.g. with cookies) [message #1858287 is a reply to message #1858280]

Mon, 27 March 2023 11:41

Claudio Guglielmo

Messages: 256
Registered: March 2010

Senior Member

Hi Michel,

to make your cookie persistent, you have to set max-age in the cookie-config of your web.xml.
This should recover your http session as long as the houskeeping does not start, which typically is 30s after closing the tab (scout.ui.sessionstore.housekeepingDelay).
You may prevent housekeeping by setting the persistent flag on the UISession. This flag was actually introduced for the standalone mode on iOS, so there is no proper API for it, but you should be able to override the isPersistent method of the UISession (the session is a @Bean).
This will also put the client session id into the local storage, so the next time the browser is opened, the client session incl. state of the desktop will be recovered.

Report message to a moderator

Re: Persistent session (e.g. with cookies) [message #1858305 is a reply to message #1858287]

Tue, 28 March 2023 06:56

Nils Israel

Messages: 72
Registered: May 2010

Member

Hi Claudio, Hi Michel,
yesterday morning I didn't even know that I had this "problem" and yesterday afternoon it was already fixed. Works exactly as you said.
Thank you. :)

But, you know users, next thing they ask for: "Thanks, but what if my session times out while the browser is open. Can you show the session like it was after I log in again?".

Is there an easy solution for this, too?

Best
Nils

Report message to a moderator

Re: Persistent session (e.g. with cookies) [message #1858308 is a reply to message #1858305]

Tue, 28 March 2023 08:24

Claudio Guglielmo

Messages: 256
Registered: March 2010

Senior Member

The state of the ClientSession is stored in the ui server and attached to the HttpSession. If the HttpSession times out, your webserver will remove it including all attached objects. So no, you cannot restore the ClientSession after a session timeout.
However, you could make sure the session does not expire that fast. If a user is active (creating requests by using the UI), the webserver will automatically increase the lifetime of the session. If the user is inactive but has the browser open, the background poller of Scout will keep the session alive, but only as long as specified by scout.ui.maxUserIdleTime (docs). So, you could increase that value. If the user closes the browser, the regular session timeout of your webserver (see web.xml) will come into place. You could increase this value as well, but keep in mind that the ClientSession uses quite a bit of memory. So I recommend to keep this value low to make sure the webserver can relase unused memory and won't go out of memory if many users connect.

[Updated on: Wed, 29 March 2023 10:20]

Report message to a moderator

Re: Persistent session (e.g. with cookies) [message #1859164 is a reply to message #1858280]

Tue, 16 May 2023 20:08

Nils Israel

Messages: 72
Registered: May 2010

Member

Hello,
Just in case someone tries this at home:
Setting the max-age in the web.xml sets the expiration of the session cookie to a fixed value: login-time + max-age. This value is not renewed during the session. So after max-age expires, the app make a POST request to http://app.example.com/unload/UISESSIONID, the session is terminated and the user is prompted with a login screen.

If neither max-age nor expire is set, the cookie is valid as long as the browser tab is running and is deleted afterwards.

About a month ago I set the max-age to 7200s (2h). I thought the timeout of the session cookie would reset with each user interaction.
It took me some time to figure out that this setting was causing strange timeouts for our power users. Most of our users are only using the application for a few minutes at a time.

Claudio, can you confirm the the observed behaviour is intentional and correct?

Thanks
Nils

Report message to a moderator

Re: Persistent session (e.g. with cookies) [message #1859279 is a reply to message #1859164]

Fri, 26 May 2023 06:43

Claudio Guglielmo

Messages: 256
Registered: March 2010

Senior Member

Hi Nils,

I must admin, I wasn't aware that maxAge will invalidate the session even if there are still connections. Thank you for letting us know!

Claudio

Report message to a moderator

Previous Topic:	[Solved] WAR files creation fail
Next Topic:	Using Data Objects with standard eclipse scout

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Wed May 08 09:14:44 GMT 2024

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter