Thread: Session Timeout Warning

This should be an easy one, and Mr. Google and I could probably figure it out, but I figure somebody would know off the top of the head.

Our internal application is of the kind wherein users tend to leave a data entry screen up all day, make periodic entries and then try to save the changes. Of course, by then the session has expired, and the corporate security kicks in (really old homegrown code). At this point, we have lost all the session information, and thus can not process the data. (This app is going to be rewritten next year, so we'll fix a lot of these issue at the core then).

I've seen a number of sites that pop up a message just prior to the session timeout -- basically saying, do some or else. I'd like to add this to at least give our users the chance to save the changes before they go poof.

Probably easy, just need a point the right direction.

What is the site written in?

In an ASP.NET app I had a JS countdown and when it expired a control popped up with a button they could click to remain logged in. When they clicked it, a asmx webservice would fire that renewed the ticket.

I also had a JS code that saved every form element into a 2dimensional cookie form element id : value and when they logged back in it retrieved this cookie and repopulated the form elements.

Probably a bit out of date now, but I could post the code if it would help?

Hmmm..knowing what the site is written in helps?

It's in Coldfusion. If you don't know, think of it as along the lines of ASP Classic or PHP; or even straight HTML.

If you do any refresh on the page, then you'd have to have some method of saving the current values when they refresh.

So, it'd have to be an async postback. Can this be done with CF? Also, what would happen if they don't refresh the session? They'd lose the values they have in the form?

ColdFusion Session Timeout with Warning and jQuery Session Refresh - jensbits.com

Yes, the values are POSTed back to the server. State management is up to the developer in CF so we do save everything and post it back on error. I think the problem comes in where the security app gets it muddy hands in there. We redirect to the security app and it redirects back. I haven't confirmed it, but by that time I think the posted info is gone (security concerns).

All that will be addressed when we make this an ASP.NET app.

If it turns out to not be a quick and dirty fix, then I'm all for reminding the users to save early and save often.

Thanks @jmh -- I'll give that a go and see if it shakes out (or if our security Nazis complain -- the world would end if we left a session idle for more than 20 minutes!)