Monday, February 27, 2012

SkillBuilders Session Timeout Plugin

It's about time!

I have had this plugin sitting around half-finished for far too long, and with the help of Dan McGhan it is now ready to be released into the wild.

Why Create a Session Timeout Plugin?

Some of you may be asking "Why would someone create a plugin when there is already built in functionality for detecting idle sessions?" Well, the problem arises when the user becomes idle and is unaware that their session is no longer valid. There is a common use case where the user's session becomes idle, but the user is not informed. When the user attempts to interact with the page, AJAX interactions do not work correctly, and when the user finally submits the page they are redirected to login page. That scenario is OK, but I think we can all agree it would be nice to make the user aware of the current status of their session. Before plugins existed, Martin D'Souza created a nice solution to this problem, but it requires some setup. Now that plugins exist the setup can be bundled into one easy to install package.

What does Session Timeout do?

SkillBuilders Session Timeout is a dynamic action plugin that attempts to bridge the gap between server and client when it comes to handling idle sessions. To define session idle length and where to send idle sessions, the plugin uses the properties defined in the security section of the application (If these attributes are not specified the plugin defaults to 30 minute idle time and the redirect URL is the home page).


When an idle session is encountered the plugin can perform one of these Timeout Actions:
  • Alert (default) - An alert message is displayed to lock the screen and inform the user.
  • Redirect - The user is redirected using the On session idle time timeout direct to this URL found in the security section of the application properties. If no value is specified then the user will be redirected to the home page for the application.
  • Logout - Redirects the user to the Logout URL defined in the applications authentication scheme.  If no Logout URL is defined then the following value will be used: apex_authentication.logout?p_app_id=&APP_ID.&p_session_id=&SESSION.
Other options:
  • Keep Session Alive - While the user remains active the server session will be refreshed with an AJAX call.
  • Session Idle Warning - This is a message that will be displayed before the session becomes idle.
  • Mask Browser Screen on Timeout -  This is an extension for the alert action and will create an overlay which hides the contents of the current page when the alert is created.
Installation Instructions

For installation instructions take a look at the Plugin Documentation.
To download the plugin visit the SkillBuilders plugin page.
Visit the demo application to see the plugin in action.