incubator-adffaces-user mailing list archives

From "Cosma Colanicchia" <cosma...@gmail.com>
Subject Re: PPR and session timeout
Date Wed, 19 Jul 2006 17:28:41 GMT
Venkata, I see your solution but I still think that it could cause
problems. The difference is that using the popup window will leave the
main page available and untouched when the PPR response will arrive.
The javascript included in the PPR response will then be able to
safely update the main page, like it does with a normal PPR
request-response cycle. On the other hand, this "theory" must be
missing something, as I explained in a previous post.

For the javascript, IMO it wouldn't add much value. Typically, when a
web-application is left unattended for, let's say, 20 or 30 minutes,
it is because the user is not paying attention to the browser or is
away from his/her workstation, so the timeout alert will likely be
ignored too. I think that such a feature is very useful for pages where
the user can stay for a long time reading/entering data, but it isn't
the usual web application function, at least for me :)

Regards
Cosma


2006/7/19, venkata guddanti <venkata.guddanti@gmail.com>:
> Hi Cosma,
>
> My suggestion for merging the login Window content with the main page is
> similar to the one you implemented using the popup window. I was suggesting
> that on a login failure you can take the content of the login form, merge it
> with the main page form and display it inside the main page. You can do this
> by putting a floating div containing a layer over the main page. The post
> from the login page would then include the contents of the main page since
> you will be posting the main form. However there might not be much benefit
> in doing this compared to the login popup window solution suggested by you.
>
> One thing that I would like to mention is that typically websites put a
> javascript on the client to notify the user of a pending session timeout.
> For e.g. you can have a JavaScript variable with the session timeout value
> and on the main page you can do a setTimeout with this value. Of course you
> need to reset this timeout (window.clearTimeout followed by window.setTimeout)
> on every PPR request.
>
> Venkata
>
>
> On 7/19/06, Cosma Colanicchia <cosmacol@gmail.com> wrote:
> >
> > I basically want the login window to appear, not to re-log in
> > automatically. Keeping the session alive would allow someone else to
> > easily use an unattended workstation where someone has left the
> > browser window open. Anyway it's not me, it's our customers'
> > requirements (at least for some critical apps).
> >
> > Regards
> > Cosma
> >
> > 2006/7/19, Scott O'Bryan <darkarena@gmail.com>:
> > > I'm just curious as to how keeping the session alive is a security risk
> > > when you basically want to re-log them in when a PPR request comes
> > > through <shrug>.
> > >
> > > Cosma Colanicchia wrote:
> > > > Hi Venkata,
> > > >
> > > > I think that it won't work, because after the post the source page will
> > > > be replaced with the PPR response. The PPR trick is based on having
> > > > the response in another frame/window, so the javascript included in it
> > > > can access the previous page and manipulate it instead of replacing
> > > > the whole page.
> > > >
> > > > Cosma
> > > >
> > >
> > >
> >
>
>
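
The timeout notice discussed in this thread (a client-side timer re-armed on every PPR request), sketched as an added example that is not part of the original messages or of ADF Faces. The names `createSessionTimeoutNotifier`, `onWarn` and `onExpire` are hypothetical, and the timer only informs the user: the server still decides when the session ends and when the login window is required.

```javascript
// Added example; createSessionTimeoutNotifier, onWarn and onExpire are hypothetical names.
function createSessionTimeoutNotifier({ sessionTimeoutMs, warnBeforeMs, onWarn, onExpire, timers }) {
  // Real timers by default; a fake clock can be injected for testing.
  const t = timers || { set: (fn, ms) => setTimeout(fn, ms), clear: (id) => clearTimeout(id) };
  let warnId = null, expireId = null;
  function stop() {
    if (warnId !== null) t.clear(warnId);
    if (expireId !== null) t.clear(expireId);
    warnId = expireId = null;
  }
  // Call on page load and after every PPR request; no keep-alive request is ever sent.
  function reset() {
    stop();
    if (sessionTimeoutMs > warnBeforeMs) warnId = t.set(() => onWarn(warnBeforeMs), sessionTimeoutMs - warnBeforeMs);
    expireId = t.set(() => { stop(); onExpire(); }, sessionTimeoutMs);
  }
  return { reset, stop };
}

// Constructed fake clock so the scenario below runs instantly and deterministically.
function createFakeTimers() {
  let now = 0, nextId = 1;
  const pending = new Map();
  return {
    set(fn, ms) { pending.set(nextId, { at: now + ms, fn }); return nextId++; },
    clear(id) { pending.delete(id); },
    advance(ms) {
      const end = now + ms;
      const due = () => [...pending].filter(([, p]) => p.at <= end).sort((a, b) => a[1].at - b[1].at)[0];
      for (let d = due(); d; d = due()) { pending.delete(d[0]); now = d[1].at; d[1].fn(); }
      now = end;
    },
  };
}

// Constructed scenario: 30-minute session, warning 2 minutes before expiry.
function demo() {
  const events = [], timers = createFakeTimers(), min = 60 * 1000;
  const notifier = createSessionTimeoutNotifier({
    sessionTimeoutMs: 30 * min, warnBeforeMs: 2 * min, timers,
    onWarn: () => events.push('warn'), onExpire: () => events.push('expire'),
  });
  notifier.reset();          // page load at t = 0
  timers.advance(27 * min);
  notifier.reset();          // PPR request at t = 27 min re-arms both timers
  timers.advance(27 * min);  // t = 54 min: old 28/30-minute timers must not fire
  events.push('still-quiet');
  timers.advance(3 * min);   // t = 57 min: warning at 55, expiry at 57
  return events;
}
```

In a page, `reset()` would be called from whatever hook runs when a PPR response is processed, and `onExpire` would open the login window rather than re-authenticate silently.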
