Venkata, I see your solution but it still think that could cause problems. The difference is that using the popup window will leave the main page available and untouched when the PPR response will arrive. The javascript included in the PPR response will then be able to safely update the main page, like it does with a normal PPR request-response cycle. On the other hand, this "theory" must be missing something, as I explained in a previous post.
For the javascript, IMO it wouldn't add much value. Tipically, when a web-application is left unattended for, let's say, 20 or 30 minutes, it is because the user is not paying attention to the browser or is away from his/her workstation, so the timeout alert will likely be ignored too. I think that such feature is very useful for pages where the user can stay for a long time reading/entering data, but it isn't the usual web application function, at least for me :) Regards Cosma 2006/7/19, venkata guddanti <[EMAIL PROTECTED]>:
Hi Cosma, My suggestion for merging the login Window content with the main page is similar to the one you implemented using the popup window. I was suggesting that on a login failure you can take the content of the login form merge it with the main page form and diplay it inside the main page. You can do this by putting a floating div containing a layer over the main page. The post from the login page would then include the contents of the main page since you will be posting the main form. However there might not be much benifit in doing this compared to the login popup window solution suggested by you. One thing that I would like to mention is that typically websites put a javascript on the client to notify the user of a pending session timeout. For e.g. you can have a JavaScript variable with the session timeout value and on the main page you can do a setTimeout with this value. Of course you need to reset this timeout(window.clearTimeout followed by window.setTimeout) on every PPR request. Venkata On 7/19/06, Cosma Colanicchia <[EMAIL PROTECTED]> wrote: > > I basically want the login window to appear, not to re-log in > automatically. Keeping the session alive would allow someone else to > easily use an unattended workstation where someone has left the > browser window open. Anyway it's not me, it's our customers > requirements (at least for some critical apps). > > Regards > Cosma > > 2006/7/19, Scott O'Bryan <[EMAIL PROTECTED]>: > > I'm just curious as to how keeping the session alive is a security risk > > when you basically want to re-log them in when a PPR request comes > > through <shrug>. > > > > Cosma Colanicchia wrote: > > > Hi Venkata, > > > > > > I think that it wont work, because after the post the source page will > > > be replaced with the PPR response. The PPR trick is based on having > > > the response in another frame/window, so the javascript included in it > > > can access the previous page and manipulate it instead of replacing > > > the whole page. > > > > > > Cosma > > > > > > > >
