Session Timeout Management

From Documentation
Session Timeout Management


Stop.png This documentation is for an older version of ZK. For the latest one, please click here.


Stop.png This documentation is for an older version of ZK. For the latest one, please click here.

After a session is timeout, all desktops it belongs are removed. If a user keeps accessing the desktop that no longer exists, an error message will be shown at the browser to prompt user for the situation.

Sometimes it is better to redirect to another page that gives users more complete description and guides they to the other resources, or asks them to login again. You can specify the target URI, that you want to redirect users to when timeout, in zk.xml under WEB-INF directory. For example, the target URI is /timeout.zul and then you can add the following lines to zk.xml.

<session-config>
    <device-type>ajax</device-type>    
    <timeout-uri>/timeout.zul</timeout-uri>    
</session-config>

Tip: Each device has exactly one timeout URI. For more information about zk.xml, refer to Appendix B in the Developer's Reference

In addition to zk.xml, you can change the redirect URI manually as follows.

Devices.setTimeoutURI("ajax", "/timeout.zul");

About Device: A device represents the client device. Each desktop is associated with one device, and vice versa.

If you prefer to reload the page instead of redirecting to other URI, you can specify an empty URI as follows.

<session-config>
    <device-type>ajax</device-type>    
    <timeout-uri></timeout-uri>    
</session-config>

You can also prevent the session timeout by making a "keep-alive" timer. Set in zk.xml:

<session-config>
  <timer-keep-alive>true</timer-keep-alive>
</session-config>

and make a timer in your ZUL page:

<timer id="timerKeepAliveSession" repeats="true" delay="10000"/>

This will prevent the session to time out when the ZUL page is opened in the borwser. The session still timeouts when the user has navigated the browser away (or when the connection between browser and the server is broken). Instead of 10sec delay, you may set the timerKeepAliveSession more flexible, like session.getMaxInactiveInterval() * 100.



Last Update : 2010/11/19

Copyright © Potix Corporation. This article is licensed under GNU Free Documentation License.