ewd 3 training course part 12: qewd session timeout control
TRANSCRIPT
Copyright © 2016 M/Gateway Developments Ltd
EWD 3 Training CoursePart 12
QEWD Session Timeout Control
Rob TweedDirector, M/Gateway Developments Ltd
Twitter: @rtweed
Copyright © 2016 M/Gateway Developments Ltd
Session Timeout
• When an application is registered, a QEWD Session is created for it, but its timeout is deliberately very short:– 5 minutes by default– Can customise this initial timeout setting
• In your QEWD startup file, set:– config.initialSessionTimeout
» Specify value in seconds, eg 600
Copyright © 2016 M/Gateway Developments Ltd
QEWD startup file examplevar config = {managementPassword: 'keepThisSecret!',serverName: 'New QEWD Server',port: 8080,poolSize: 1,database: {type: 'cache',params: {path: 'c:\\InterSystems\\Cache2015-2\\mgr’
}},initialSessionTimeout: 120 // 2 minute initial timeout
};
var qewd = require('qewd').master;qewd.start(config);
Copyright © 2016 M/Gateway Developments Ltd
Session Timeout
• The user must do something in the browser that generates an event which, in turn, sends a message to the QEWD back-end before the initial Session timeout period is exceeded– Otherwise, when a message is sent, the back-
end will instruct the browser to disconnect the socket
Copyright © 2016 M/Gateway Developments Ltd
Session Timeout
• It is a good idea for the initial post-registration Session timeout to be short, if user authentication is required
• But once the user has authenticated and/or begun using the application, you'll want to re-set the session timeout to a more sensible value, eg– 20 minutes– Perhaps an hour or more
Copyright © 2016 M/Gateway Developments Ltd
Session Timeout
• You can re-set the session timeout period in any of your back-end message handler functions:– session.timeout = newValue;
• eg: session.timeout = 3600;
Copyright © 2016 M/Gateway Developments Ltd
Session Expiry
• When the QEWD back-end receives a valid tokenised request, the session expiry time is updated to:– Current time + session.timeout
• ie: user activity updates the session expiry– Or any event in the browser that causes a
message to be sent to the back-end
Copyright © 2016 M/Gateway Developments Ltd
Session Expiry
• If you change the session timeout, the expiry time will not be changed at that time– Not until the next message is received
• You can force an immediate update in your back-end message handler function:– session.timeout = 3600;– session.updateExpiry(); // apply the new timeout