Keeping a login alive

Question for you all.

It’s fairly web-related, but I am looking
for Ruby code, so it’s sort of on-topic.

There are some web sites I login to (log into?),
such as my bank, that timeout the login after
x minutes with no activity.

Of course, I usually find myself away from the
keyboard for 2x + n minutes. :)

Is there more than one way a timeout is usually
handled? I can see where it might be done in
the browser, perhaps with Javascript; but I can
see where it might also be done server-side, in
which case it’s possible to write a keepalive
program.

Thoughts?

Hal

Typical session management works something like this:

  1. browser with no session ID connects to webserver

  2. webserver generates new session ID for client

  3. webserver “sets” session ID for client by setting a
    cookie on the client’s browser that the webserver can
    use to relate the browser back to its session.

A keep-alive could be as simple as refreshing the browser window before
the timeout period elapses.

– Dossy


On 2002.08.25, Hal E. Fulton hal9000@hypermetrics.com wrote:

Is there more than one way a timeout is usually
handled? I can see where it might be done in
the browser, perhaps with Javascript; but I can
see where it might also be done server-side, in
which case it’s possible to write a keepalive
program.


Dossy Shiobara mail: dossy@panoptic.com
Panoptic Computer Network web: http://www.panoptic.com/
“He realized the fastest way to change is to laugh at your own
folly – then you can let go and quickly move on.” (p. 70)

Neither Javascript nor using cookie expiration times are good options
because they rely on the client side to a) do what you asked it to, b) do
it correctly. Both for technical and security reasons you still have to
authenticate everything that comes back from the client each time the
client sends it. Unless it really doesn’t matter to you if they time out
and this is there for their protection.

My local library does this. They have Javascript that refreshes any detail
pages back to their homepage after a set time. Which is great at the
library, it means I can walk away from a terminal and after a while it
resets itself. It’s terrible at home, where I might be looking up books
and go away for a while… when I come back I’ve lost my page.

<ruby_content type="obligatory">
A lightweight solution (also potentially anonymous-- you can set up
sessions with or without a login using this) would use CGI::Session and
sess['last_access'] = Time.now. For each successive page load if Time.now
< sess['last_access'] + interval, then they're ok… so reset
sess['last_access'] = Time.now and continue loading page.
</ruby_content>

If I had users in a database I would probably work this into the routine
that verifies their cookie on each page load, and just have a last_access
field in my users table. That’s a field I’d probably have anyway, since
it’s a common requirement to know how active the user base is, and this is
a key measure for that.

-michael


On Sunday 25 August 2002 01:15, Hal E. Fulton wrote:

Is there more than one way a timeout is usually
handled? I can see where it might be done in
the browser, perhaps with Javascript; but I can
see where it might also be done server-side, in
which case it’s possible to write a keepalive
program.

++++++++++++++++++++++++++++++++++++++++++
Michael C. Libby x@ichimunki.com
public key: http://www.ichimunki.com/public_key.txt
web site: http://www.ichimunki.com
++++++++++++++++++++++++++++++++++++++++++
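
The server-side idle check described in the post above, as an added example that is not part of the original thread. The SessionGate class and its in-memory hash are hypothetical stand-ins for CGI::Session, and the absolute lifetime cap goes beyond the post: it is there because a sliding last_access window alone can be extended indefinitely by any periodic request.

```ruby
require 'securerandom'

# Hypothetical stand-in for a server-side session store. The post suggests
# CGI::Session, which offers the same sess['key'] hash-style access.
class SessionGate
  def initialize(idle_timeout:, absolute_timeout:)
    @idle = idle_timeout          # seconds of inactivity allowed
    @absolute = absolute_timeout  # hard cap on total session lifetime
    @store = {}                   # session id => session hash
  end

  # Call after successful authentication; returns the new session id,
  # which the web server would hand to the browser in a cookie.
  def login(user, now: Time.now)
    sid = SecureRandom.hex(16)
    @store[sid] = { 'user' => user, 'created' => now, 'last_access' => now }
    sid
  end

  # Call on every request. Returns the user name while the session is
  # valid (sliding the idle window), or nil after destroying the session.
  def check(sid, now: Time.now)
    sess = @store[sid]
    return nil unless sess
    idle_expired = now >= sess['last_access'] + @idle
    life_expired = now >= sess['created'] + @absolute
    if idle_expired || life_expired
      @store.delete(sid)          # expired: client must authenticate again
      return nil
    end
    sess['last_access'] = now     # the reset described in the post
    sess['user']
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed timeline: 10-minute idle limit, 1-hour absolute limit.
  gate = SessionGate.new(idle_timeout: 600, absolute_timeout: 3600)
  t0 = Time.at(1_000_000)
  sid = gate.login('hal', now: t0)
  [300, 800, 1500].each do |offset|
    puts "t+#{offset}s: #{gate.check(sid, now: t0 + offset).inspect}"
  end
end
```

The decision is made entirely on the server from its own clock, so nothing the browser does with Javascript or cookie expiry can revive a session once check has deleted it.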