This discussion is archived
5 Replies Latest reply: Aug 23, 2012 12:15 AM by Nitin Khare RSS

How to handle session expiration in ATG

Avinash Dathathri Newbie
Currently Being Moderated
Hi,
We have a requirement wherein we have to redirect the user to a specific jsp when his session is expired. For example if a guest user is in cart page and is idle for more than 30 min he should be redirected to session expired page. We are using Apache web server and Jboss app server. Following are the ways i tried
1. In Apache/conf/extra/httpd-vhosts.conf, I have set ErrorDocument 409 to session expired jsp - This is failed because jsp is not a static content and only static contents will be present in webserver. If it would have been a simple html (static) then this method would have worked fine I believe.
2. In cart page I have set the sessionExpirationURL of cartformhandler to appropriate jsp, checkForValidSession to true, CheckSessionExpiration.expirationURL to same session expired jsp. I am not sure why this is not working.


Please let me know the best way to handle this situation. Any suggestions would be appreciated.



Regards,
Avinash
  • 1. Re: How to handle session expiration in ATG
    GopinathRamasamy Journeyer
    Currently Being Moderated
    You can use the securityStatus of the /atg/userprofiling/Profile componenent.

    Check for this property in the jsp. Typically if it is 4 or 5, for normal logged in users (6 for those who uses certificate). You can use Redirect droplet to redirect the other users. However this will not automatically redirect the user on session expiration and needs at least a page refresh.

    In the java code, you can check for Profile.isTransient() method which returns true for guest users.

    You can refer to the below sections in the ATG Personalization Programming Guide:

    4 Working with User Profiles -> Tracking Users -> Security Status

    4 Working with User Profiles -> Tracking Users -> Using Security Status in Content Pages
  • 2. Re: How to handle session expiration in ATG
    Avinash Dathathri Newbie
    Currently Being Moderated
    Using SecurityStatus I can identify whether the user is logged in or not. But in our application guest users can also do a checkout process completely. Our requirement is If a guestUser/loggedinUser add some items and stays idle in cart page for 30 min, we have to redirect the user to appropriate session expired page
  • 3. Re: How to handle session expiration in ATG
    Nitin Khare Expert
    Currently Being Moderated
    In cart page I have set the sessionExpirationURL of cartformhandler to appropriate jsp, checkForValidSession to true, CheckSessionExpiration.expirationURL to >same session expired jsp. I am not sure why this is not working.
    This won't happen automatically. Only when your request makes a call to the formhandler it can check for session and then redirect if required.
    Our requirement is If a guestUser/loggedinUser add some items and stays idle in cart page for 30 min, we have to redirect the user to appropriate session >expired page
    This again won't happen automatically. Think about the fact that without making any request to the server, how the browser would come to know that the session has expired? I think you would have to use javascript to achieve what you want. Set a JS timer in your page to check if user is on the same page till timeout happens and try making new request to page when the timer ends.
  • 4. Re: How to handle session expiration in ATG
    Avinash Dathathri Newbie
    Currently Being Moderated
    Nithin,
    You are absolutely correct. In our case also the requirement is same. After session expiration, we should redirect the user to session expired page on any further user actions. For example if he clicks on any link or any button present on cart page after session expiration, we should redirect the user to session expired page.
  • 5. Re: How to handle session expiration in ATG
    Nitin Khare Expert
    Currently Being Moderated
    When user clicks any link on your page after session expired then you can redirect him to login page through your formhandler if a handleX() method was invoked by the request or you can use a filter which can check for something like profile.isTransient(). You can then redirect to the login page from your filter keeping a parameter of the original url to be used as login success url so that after login you can again redirect to the page that user originally intended to see.

    For detecting user idleness in browser, here is one of the possible approach using javascript by implementing a document level keyboard/mouse listener to detect user interaction in your page:
    <script type="text/javascript">
        var t;
        window.onload = resetTimer;
        document.onmousemove = resetTimer;
        document.onkeypress = resetTimer;
    
        function handleIdleTimedOut() {
            //alert("You are now logged out.");
            window.location.href = 'logout.jsp';
        }
    
        function resetTimer() {
            clearTimeout(t);
            var timeoutPeriod = 1000 * 60 * 5;  //5 minutes        
            t = setTimeout(handleIdleTimedOut, timeoutPeriod);
        }
    </script>
    Apart from this, you may also want to take a look at reverse ajax to send the timed out kind of notification to the browser with the help of a HttpSessionListener:
    http://directwebremoting.org/dwr/documentation/reverse-ajax/index.html

    Hope this helps.

    Edited by: Nitin Khare on Aug 23, 2012 12:15 AM

Incoming Links

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points