Not the most elegant solution, but it works for me. 1) I have Catalyst using ACL rules to redirect to a login page if the session has expired. 2) The login page adds a response header (Login => 1). 3) Every Ajax call checks if it has received the special login page header (i.e., if it has been redirected to the login page). 4) If the Ajax call has been redirected to the login page, it forces a top level redirect to the login page (because I've got a bunch of smaller panes controlled by Ajax).
This is nice because I don't need the client to parse every page for a string like, "Please log in again." It's a simple lookup in the header. And it does what John suggested below in not polling the server unnecessarily. This method also supports user having multiple windows open because the server remains the arbiter of when the session has expired, not the client. -steve On Mar 3, 2010, at 2:57 PM, Steve Kleiman wrote: > Hey John. Thanks for the feedback. > > Yeah, it seems simple, but accommodating multiple windows is where I have > problems. That's why I figured the way out was to poll the server every 3-5 > minutes of idle time to see if user had been logged out. > > Which brings me back to the original conundrum...asking the server, "Is your > session expired yet?" > > -s > > > On Mar 3, 2010, at 10:51 AM, John Karr wrote: > >> The more I think about this, the more problems I see with my idea, you need >> to either restrict your users to one browser window (possibly with a >> secondary page key of some sort) or have the refresh bounce to an alternate >> uri that refreshes the page without updating the server's session timer. >> >>>>>>>>>>>>>>>>>>>>>> >> >> Never mind, that's too simple. It breaks if users open up multiple pages >> unless you increase the refresh to just over twice the timeout, which may be >> an issue since presumably you don't want your user's expired sessions >> hanging around in their browser. >> >> Even simpler put a refresh tag in the page with a refresh a little over the >> session timeout value, then the site's handler for expired sessions can do >> the rest. >> >> -----Original Message----- >> From: Alexander Hartmaier [mailto:[email protected]] >> Sent: Wednesday, March 03, 2010 10:03 AM >> To: The elegant MVC web framework >> Subject: Re: [Catalyst] Check session expiry without extending it >> >> Why not return the datetime when the session expires with every page and >> have a client-side js that does the redirect without hammering the >> server? >> >> -- >> Best regards, Alex >> >> >> Am Dienstag, den 02.03.2010, 21:43 +0100 schrieb Steve Kleiman: >>> Using Catalyst::Plugin::Session with Session::State::Cookie. >>> >>> Would like to be able to poll server if the user's session has expired >>> WITHOUT extending the session itself. >>> >>> The objective is to have a javascript periodical executor check if a >>> session is expired and redirect user to a "Your session has expired" page >>> if appropriate. Could do it in javascript but would prefer doing it on >>> server. >>> >>> Anyone tried this? >>> >>> Thanks in advance. >>> >>> -Steve Kleiman >>> _______________________________________________ >>> List: [email protected] >>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst >>> Searchable archive: http://www.mail-archive.com/[email protected]/ >>> Dev site: http://dev.catalyst.perl.org/ >> >> >> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >> T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien >> Handelsgericht Wien, FN 79340b >> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >> Notice: This e-mail contains information that is confidential and may be >> privileged. >> If you are not the intended recipient, please notify the sender and then >> delete this e-mail immediately. >> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >> >> _______________________________________________ >> List: [email protected] >> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst >> Searchable archive: http://www.mail-archive.com/[email protected]/ >> Dev site: http://dev.catalyst.perl.org/ >> >> >> _______________________________________________ >> List: [email protected] >> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst >> Searchable archive: http://www.mail-archive.com/[email protected]/ >> Dev site: http://dev.catalyst.perl.org/ >
_______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
