Session Timeout

autonomy2

Hi Support.

When a session has timed out in Aware, it usually leaves an error message with the logon button underneath. My problem is, that the page is left with the menu / banner still exposed from the previous (expired) session. If a user were to click on the menu, another black screen is displayed with an error message and a partial view of a search box.

My question is: is there a way of getting Aware to redirect the page to the Logon.jsp file when a session is timedout?

aware_support

No, not at the moment.

autonomy2

Hi Support.

In regards to this issue on session timeouts, I have a situation where my application uses a search function located in the left banner, calling a query. The query results are displayed in a new window using target=blank. It is designed like this, so that the user can read the information in the main screen whilst pulling detailed information from the
database.

The problem is that if the session has timed out, when the user clicks the search button, the new window displays the session timeout message, leaving the original (timedout session) page open. Then if a user clicks any of the menu items on the original page, the session timeout message is displayed in the main page in red, with an ugly black background. This sounds like my original post, but it has a slightly different twist.

I have seen other websites display a message to the user that the session was about to time-out and then gracefully redirects the users open page back to the login page (if no activity has been conducted).

I need to ask if and when this could be addressed, as our site is about to go live.

I believe that this is an important issue in terms of the corporate world accepting AwareIM as a viable secure option for web applications. I myself know that the functionality of AwareIM is fantastic, but convincing my CEO and his CEO buddies where the screen is left in its current timedout session state is another thing altogether.

Could this issue be addressed using a plug in?

aware_support

Well, the problem is frames. Aware IM uses frames and usually when you click on the menu the output is redirected to the main area (which is a frame). The timeout message should ideally be displayed in full screen, but the problem is that the timeout is detected on the server when it is already too late to set the target of the request. Therefore, a special page is displayed within the main frame asking user to logon. This special page sets the appropriate target so when the user presses the Logon button the output is redirected to the full screen.

This special page is called relogon.jsp and is located in the AwareIM/Tomcat/webapps/AwareIM directory. If you are familiar with jsp you can edit this page and display whatever you like with the appropriate background - for example, you can easliy add automatic re-direction to a logon page.

The problem with the blank page is more difficult. When you redirect your menu item to a blank page Aware IM has no option but to display the timeout message on this blank page. When you click another item on the original page you will still get the timeout message there as well. The only solution that I see here is to send the request to Aware IM using AJAX. This request can check whether Aware IM has returned a timeout message and if so direct the output to the original page rather than to the blank page. This is actually easier than it might sound and quite doable too. I