PDA

View Full Version : Time of User Disconnect?



HankFay
2014-06-28, 22:57
It there to capture the time when a user disconnects from a session, for example by closing the browser?

The Unload event works fine in CS browser mode, even running LianjaVFP code (I was guessing that before and after the app launches, code would be running on the cloudserver itself).

thanks,

Hank

PS: related questions

1) when a user disconnects and reconnects they seem to get a new session. That makes sense. Just asking for confirmation.

2) when a user disconnects, how long does that session stay up? And does the Unload delegate fire at some point?

barrymavin
2014-06-28, 23:39
Hi Hank,

I had looked into this and there does not appear to be any browser agnostic way to differentiate when the browser or tab closes.

The way browsers work is that any cookies created on the server and sent back in their HTTP response are "session cookies" and are deleted by the browser when it exits.

This is how sessions are handled by Lianja Cloud Server.

Sessions are automatically deleted on the server if no requests have been made for a period of time. This occurs when a user closes the browser or logs out, in which case when they login they are allocated a new session id and a new authentication token, both of which are session cookies and cannot be deleted by the client. This is a security restriction in modern browsers.

It is better to advise users to logout when they have completed their work just as one would do in a desktop App.

Auto logout could be handled in a timer if required by checking the time and the Lianja.App.txcount property which increments as server calls are made.

Hope that clarifies.

HankFay
2014-06-29, 00:22
Hi Barry,

yes, that clarifies.


Sessions are automatically deleted on the server if no requests have been made for a period of time.

Is that time limit a) known and/or b) configurable, and c) trappable in the app, as being an "unload that occurred because of a timeout event"?

thanks,

Hank

barrymavin
2014-06-29, 00:56
Hi Hank,

i will need to look in the code and get back to you.

It is a fixed expiration value handled by the server when other requests come in. At that point old sessions are removed by comparing the date and time of the session file with the expiration interval. Bear in mind the session files are recreated on requests. Active session files are only removed on logout. Lianja.logout() calls the server which removes the session file, the session id and the authentication token. Unload could be called just prior to that I suppose.

There is no way of knowing when a session file is deleted.

HankFay
2014-06-29, 16:19
Thanks.

I am looking at two Use Case scenarios.

1) a user is working on an app, and the connection is disrupted for some reason (ISP hiccup; power hiccup at user; etc.). The user figures it's the browser, so restarts the browse. Bye-bye cookie. But if the app were able to store the session id from the server, and the session id still existed on the server, it would seem as though it should be possible to reinstitute the session.

2) the app developer wants to know (for whatever reason, although I have one in mind) how long the user spends using the app. All is fine if the user logs off. But if the user leaves the app open, it will eventually (as you indicate, when someone else logs in, and the current time is older than the session file last modify + the interval) be removed. That means the max time the user was actively using the system would be the time of removal less the interval. Rough, but better than nothing when usage time has meaning.

thanks,

Hank

barrymavin
2014-06-30, 03:19
For security reasons in the browser the session id and authentication token are created on the server and sent back as a cookie in the HTTP headers. These are session cookies.

Once a disconnection has occurred the user must login again and that process provides both a new session id and an authentication token.

You can create your own cookie containing the date and time in the App init(), load() or ready().

As I mentioned, I should probably call the unload() delegate when a logout occurs or when you switch Apps.

There is a one hour limit on sessions. If there is no activity for an hour the session file will be removed.