Not able to set session time out in Sitecore 10.2.
I have the following settings, but if I leave the browser open for more than 20 minutes with the launchpad displayed, and then click any button After that, when I click on some button, I expected to be forcibly logged out, but I expected that the session timeout would occur when I left the system for more than 20 minutes without logging out, and then clicked some button.
Please let me know if there is a way to force a session timeout logout.
Related
I have an in-house app which is used by staff but the chances are the device it is used on could become consumer facing. With that in mind I want to ensure that should the staff forget to logout when they switch apps or just reopen the app that I have a command in there to effectively log them out.
After researching I think the best way for me would be to use:
optional func applicationWillEnterForeground(_ application: UIApplication)
and then force the app to go to the login page or the reverse so that when app enters background it forces the app to the logout URL.
Which do you think would be best and how can I use that command to then add in the chosen URL as described above?
So, while I agree with #Rakesha-Shastri in that ""app enters background it forces the app to the logout URL" This seems like bad UX. The first one where you display the login page on returning from background seems fine. It is important that the user is able to resume his work where he left off after logging in again," there does need to be a way, in-case a user is gone too long, that the credentials have passed. It seems in your case, that every time the user LEAVES or CLOSES the app, you want this to be unauthenticated. What if the user gets a phone call? Should it do that? You may want to use Timer, of say some period of time, 2-5 minutes maybe.
Any who, what you can do is force the user to have to RESTART the app, by either presenting a controller that has NO CAPABILITY of going anywhere, therefore forcing a restart, or providing a button that sends them to a login screen you have implemented.
Note:
I would definitely indicate to the user, "due to purposes of security, each time you exit the app, it requires an authentication to re-access. Please log back in". Then provide a button to the login screen.
As you did not provide code, and I'm not going to do this for you, a direction to take this would be to utilize optional func applicationWillEnterForeground(_ application: UIApplication) alongside with getting the current UIViewController. I would google how to do that. Then from there, you can create a new UIViewController that presents this button back to the login screen.
What i have done till now
1) Restricted user from multiple login. (using Spring boot security)
Provided session time out is 30 Min.(Required)
2) Kill/Invalidate session on browser close. (using beforeunload event from main.jsp)
$(window).on('beforeunload', function() {
Utils.ajaxCall('GET', "/logout", '', '', '', false);
});
What is the Issue ?
My spring boot application supports multiple tabs, As one page provides link that open another page in another tab.
When i close any tab out of opened tab, Session getting killed.
How to handle following scenario?
1) Kill session on browser closed event only?
2) Not to kill session on tab closed, But on last tab.
3) Not to kill session if another browser window is opened..as session is still accessible from that browser.
What is the GOAL
Restrict the User from multiple logins, kill the session on browser close - all tab close - last tab close(i.e Browser close).
As the title says, my project will never bring up the FB login screen until I have called
[facebook logout];
This makes sense when I've already logged in, but it happens on startup as well (i.e. the user is not yet logged in).
Hmmm...I've just tried resetting contents and settings in the simulator, and that seems to have fixed the problem. For my own peace of mind, why when I close the simulator and rerun the project does it not revert to either a state where the app is 'new' and hasn't been run before, or to a resume state - whereby the logged in user info would be available immediately?
On my device I have just tested this:
Fresh install
Open app, login via FB Connect
Close app, remove from running in background apps
Reopen app
Try to login, no response until I first click logout
So is it somehow retaining the fact that it has logged in before? If so, is there a "loggedInAlready" variable or something similar that I can check against?
Added this to didFinishLaunchingWithOptions
if([facebook isSessionValid])//if already able to log in
{
[self loginToFacebook];//attempt to login automatically on startup
}
Seems to have solved the problem. I guess that because I had:
if([facebook isSessionValid]){
[facebook login];
}
in the login button press, that when it resumed it was still in a valid session and so the button press wouldn't do anything until the logout button ended the session.
Now it automatically checks if the session is valid on startup, and if so it logs straight in for me.
:-) All's well that ends well.
I have web application in asp.net . in order to stay user logged in some how i need to extend session timeout value at runtime. suppose it is 30 min initial. and upto 29 min use not had any activity and suddenly he click some button on page at this glance there should be remaining 1 min + 30 min should extend. is this possible ? how to do that or is this internally managed in .net
As far as I know, this is the default behavior. ASP.NET implements a rolling timeout mechanism that only terminates the session information for a user if no request is received within the timeout period, but it resets the "clock" everytime a new request related to the session is received.
Session.Timeout = 60;
this will set the session timeout to 60 minutes.
There are several websites that output a small snippet of script on each page render that includes a JavaScript timer that is set to run about 2 minutes before the session timeout. If your session time out is 5 minutes, the script would be set to fire after 3 minutes.
The script would popup a modal window of some sort of warning saying "Your session is about to expire, click here to stay logged in". The button on that popup would either refresh the current page or do some AJAX to send a request to the server, refreshing the session time out. At that point you would want to re-create the timer in JavaScript incase the user is idle.
I have a UIWebView displaying a website that has a timeout policy (idle for 1800 seconds).
Since I use a custom login view to connect to the site, I want to call this same custom view after the website has issued the timeout alert.
How can I detect that such an alert has been issued to the webview, so I can call my code from there?
Thank you for your help.
If the website redirects to a particular page on timeout, you could watch for that page to be loaded in your UIWebViewDelegate's webView:shouldStartLoadWithRequest:navigationType: method.
Don't know how to solve this from UIKit perspective but if your session time out is known you could create an NSTimer in one of your controllers to alert you when a defined elapsed time, resetting it each time the app calls your site.