Session timeout - nschonni/wet-boew GitHub Wiki
Project lead: Roch Lambert (@rlambert27)
This sub project will help web asset owners provide session timeout and inactivity timeout functionality. When a user requests a page with this plugin implemented their session will begin. After the specified session period, they will be notified that their session is about to timeout. At this point, they will have the option to remain logged in by clicking "OK", or logging out by clicking "Cancel". At anytime during the session, if the user remains idle for a specified amount of time, they will be notified that they're session is about to time out. In either case, if the user does not respond to the timeout notification within a specified amount of time, once they click either "OK" or "Cancel" they will be automatically redirected to the log out page.
- Timing can be adjusted easily in the parameters
- Conforms to WCAG 2.0 AA
- Progressive enhancement approach
- On all pages, as appropriate
The code you're allowed to edit is:
<span class="wet-boew-sessiontimeout" data-wet-boew="{inactivity: 1200000, reactionTime: 30000, sessionalive: 1200000, logouturl: './', refreshCallbackUrl: './'}"></span>
This allows you to configure the component:
- inactivity: This is the inactivity period of time after which the dialog message will appear.
- reactionTime: This is the period of time the user has to perform an action with the dialog message.
- sessionalive: This is the period of time for the session to stay alive until the dialog message appears.
- logouturl: This is the URL that users are sent to when the session has expired.
- refreshCallbackUrl: This is the URL to perform an ajax refresh, must return true/false.
<span class="wet-boew-sessiontimeout" data-wet-boew="{logouturl: './'}"></span>
IMPORTANT NOTE: The inactivity, reactionTime and sessionalive parameters are set in milliseconds. The only required parameter is the logouturl. The default inactivity and sessionalive is set to 20 minutes with a 30 second confirmation time with the dialog message. The refreshCallbackUrl must not be a page containing the timeout function again as a loop will be created, it should be simply a viewless page that refreshes the session.
Need help with the conversion? See: http://www.calculateme.com/Time/Minutes/ToMilliseconds.htm
IMPORTANT NOTE: Your sessionalive and inactivity parameters should be equal to your web server session alive time minus the reactionTime time. If you set your sessionalive time and inactivity time to the same as your web server without taking into consideration the reactionTime time then the session will have ended by the server as soon as the popup appears to extend the session.
The code for the session timeout is located in several places within the source folder of WET:
- js/workers/sessiontimeout.js - contains the JavaScript code for the session timeout
- js/sass/includes/_sessiontimeout.scss - contains the CSS for the session timeout
- js/sass/includes/_sessiontimeout-ie7.scss - contains the IE7 specific CSS for the session timeout
- js/sass/includes/_sessiontimeout-ie8.scss - contains the IE8 specific CSS for the session timeout
- js/images/sessiontimeout/ - contains the images for the session timeout
- Providing a very short time frame could cause issues with certain disability groups
- Will not work if JavaScript is disabled