Karl, p:poll introduces security concerns? Please elaborate/clarify. Thanks. On Feb 13, 2014 3:39 AM, "Karl Kildén" <[email protected]> wrote:
> Good suggestion Thomas, > > For myself I would need this: > > < 1 Hour: Keep session alive with p:poll > > 1 Hour: Render p:idleMonitor instead and warn for activity and session > destroy in x minutes. > > The switch to a idleMonitor would require that you check the submitted > request parameters and this way know if poll component triggered the > request or the user. > > A plain p:poll is unacceptable for our system for security reasons. > > > On 13 February 2014 09:26, Thomas Andraschko <[email protected] > >wrote: > > > >> I dont know why & how this is so implemented but It is very normal > that > > the > > >> user may be busy reading some section of website or be away for 20 > > minutes, > > >> & as he comes back & interacts with opened pages, how would I make > that > > >> work without the state ? > > >> I think this is a common requirement for any public websites. > > > > You could just add an ajax poll components and ping the server all 5 > > minutes - so the session will only be destroyed if all tabs from your > > application are closed. > > >
