Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

EWD 3 Training Course Part 12: QEWD Session Timeout Control

336 views

Published on

This presentation is Part 12 of the EWD 3 Training Course. It explains how to control the timeout setting and expiry of QEWD Sessions.

Published in: Software
  • Be the first to comment

  • Be the first to like this

EWD 3 Training Course Part 12: QEWD Session Timeout Control

  1. 1. Copyright © 2016 M/Gateway Developments Ltd EWD 3 Training Course Part 12 QEWD Session Timeout Control Rob Tweed Director, M/Gateway Developments Ltd Twitter: @rtweed
  2. 2. Copyright © 2016 M/Gateway Developments Ltd Session Timeout • When an application is registered, a QEWD Session is created for it, but its timeout is deliberately very short: – 5 minutes by default – Can customise this initial timeout setting • In your QEWD startup file, set: – config.initialSessionTimeout » Specify value in seconds, eg 600
  3. 3. Copyright © 2016 M/Gateway Developments Ltd QEWD startup file example var config = { managementPassword: 'keepThisSecret!', serverName: 'New QEWD Server', port: 8080, poolSize: 1, database: { type: 'cache', params: { path: 'c:InterSystemsCache2015-2mgr’ } }, initialSessionTimeout: 120 // 2 minute initial timeout }; var qewd = require('qewd').master; qewd.start(config);
  4. 4. Copyright © 2016 M/Gateway Developments Ltd Session Timeout • The user must do something in the browser that generates an event which, in turn, sends a message to the QEWD back-end before the initial Session timeout period is exceeded – Otherwise, when a message is sent, the back- end will instruct the browser to disconnect the socket
  5. 5. Copyright © 2016 M/Gateway Developments Ltd Session Timeout • It is a good idea for the initial post- registration Session timeout to be short, if user authentication is required • But once the user has authenticated and/or begun using the application, you'll want to re-set the session timeout to a more sensible value, eg – 20 minutes – Perhaps an hour or more
  6. 6. Copyright © 2016 M/Gateway Developments Ltd Session Timeout • You can re-set the session timeout period in any of your back-end message handler functions: – session.timeout = newValue; • eg: session.timeout = 3600;
  7. 7. Copyright © 2016 M/Gateway Developments Ltd Session Expiry • When the QEWD back-end receives a valid tokenised request, the session expiry time is updated to: – Current time + session.timeout • ie: user activity updates the session expiry – Or any event in the browser that causes a message to be sent to the back-end
  8. 8. Copyright © 2016 M/Gateway Developments Ltd Session Expiry • If you change the session timeout, the expiry time will not be changed at that time – Not until the next message is received • You can force an immediate update in your back-end message handler function: – session.timeout = 3600; – session.updateExpiry(); // apply the new timeout

×