myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Howard W. Smith, Jr." <smithh032...@gmail.com>
Subject Re: How to survive viewscoped beans/viewmap after session destroy (using client side saving)?
Date Thu, 13 Feb 2014 11:52:14 GMT
Karl, p:poll introduces security concerns? Please elaborate/clarify.
Thanks.
On Feb 13, 2014 3:39 AM, "Karl Kildén" <karl.kilden@gmail.com> wrote:

> Good suggestion Thomas,
>
> For myself I would need this:
>
> < 1 Hour: Keep session alive with p:poll
> > 1 Hour: Render p:idleMonitor instead and warn for activity and session
> destroy in x minutes.
>
> The switch to a idleMonitor would require that you  check the submitted
> request parameters and this way know if poll component triggered the
> request or the user.
>
> A plain p:poll is unacceptable for our system for security reasons.
>
>
> On 13 February 2014 09:26, Thomas Andraschko <andraschko.thomas@gmail.com
> >wrote:
>
> > >> I dont know why & how this is so implemented but It is very normal
> that
> > the
> > >> user may be busy reading some section of website or be away for 20
> > minutes,
> > >> & as he comes back & interacts with opened pages, how would I make
> that
> > >> work without the state ?
> > >> I think this is a common requirement for any public websites.
> >
> > You could just add an ajax poll components and ping the server all 5
> > minutes - so the session will only be destroyed if all tabs from your
> > application are closed.
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message