Re : Session Expiry - Error Screen


A search on 'Session' yielded about 800 hits! Made it through the first 100, but nothing exactly answering my requirement.

On session expiry, I lose the value of a key session variable, an entity Id, used by most screens. Navigating after the expiry results in an error screen.
Yes I could extend the life of the session, but a user will eventually be faced with this error screen.

I understand that the session timeout is not captured, so is there a way to change this error screen to one that is user friendly,
e.g. advising that their session timed out and providing a link back to the login screen?

Thank you,

Hi Mark

If the screen that is generating the error only allows registered users, then your exception flow should have caught a security exception because the user's session just expired, and he's no longer logged in.

However, if your webscreen allows anonymous access, then this exception will not be raised, but the user's session information will be lost.

Is this the use case you're having? If so, do you really need to have the screen with anonymous access enabled?


Miguel Simões João

Hi Miguel,

Thank you for your reply.

In answer to your questions, in the anonymous part of my site, I do not have this error.
It only occurs after the user is logged in and is in a registered part of the site.

I have attached the error screen. The error appears to be around a ProjectId, which I have passed to a session variable during the login.
If the user performs an action after the session times out, this variable is no longer available to the screen, which seems to be causing the error.

Actually it appears to be an error from the server, so hopefully something can be done! Not a screen to show the end user as it implies a crash!

Thanks again,

Part II of the error message (don't seem to be able to attach two files to one post!)

Hi Mark

The error screenshot is exactly what you've referred to: the projectid value is null, so fetching a project record with id null generates this error.

My question here was that if the session is lost, then the user is no longer logged in, and if that screen depends on a session variable, then one of 2 things should be done:
  1. Either the screen has only registered permission areas, to force the user to log out when the session expires
  2. Or, being the screen available for anonymous users, you have to protect your screen preparation logic to check if the session variable is null or not, and act accordingly.
If this screen doesn't have the anonymous permission area, and the user is not getting redirected to the login page after session expiration, then there could be something wrong with the exception handling flow. If you share the espace and identify the screen, I can take a look at it.


Miguel Simões João

Hello Miguel,

Thank you for your time and offer to have a look at the espace.

I have attached a cut down copy of the espace for ease of debugging.

1. On the web Welcome screen, please login.

2. In the login action, there is a query to get the first ProjectId.
As this is Null, it should take you to the project selection screen (haven't tested this as already had projects in db before this action created)

3. Create a new project (couple of links to do this) and logout.

4. Login and you should now be directed to the ASPIRE page.

5. Either stay in the ASPIRE or Assess page wait 20mins (or whatever your time out is) and then refresh or press the Assess menu link.

6. Crash!

Some other points:
(a) The very top right hand button should display the name of the current project (as well as the breadcrumb), but it is the button that uses the ProjectId session variable. This button also navigates to the ASPIRE page.
(b) 90% of my screens will crash like this, as they all use this button.
(c) Please excuse the warts, my first espace using outsystems :)

Thanks again,

Hi Mark

I've analyzed the espace you've provided, and in fact, the crash is occurring on that exact button (ProjectName) on the Common\Layout_Normal webblock. The reason why it's crashing is because even though the webblock is on a registered webscreen, the webblock widgets are created before the Unregistered User exception is issued.

Since this button uses the Session.ProjectId variable to get the project name, this will cause the reported error when the session expires.

As a workaround, I would suggest to change the button's label from

This will protect your code from crashing when the ProjectId session variable is null.

Meanwhile, I believe there's a bug on the Agile Platform, in the way these widgets are created, and I'll follow up with the OutSystems R&D team to fix it in future versions.

Let me know the results


Miguel Simões João
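
The ordering problem described in the reply above, modeled as an added example (not part of the original thread and not OutSystems code): a shared layout block reads the session's ProjectId before the registered-user check runs, so an expired session produces a server error unless the read is null-guarded. The function names, the sample project table and the login URL are hypothetical.

```python
# Toy render pipeline: layout widgets are built before the login check,
# mirroring the behaviour reported for the Layout_Normal web block.

class NotLoggedIn(Exception):
    """Stands in for the platform's unregistered-user security exception."""

PROJECTS = {7: "Apollo"}  # constructed sample data: ProjectId -> project name

def project_name_unsafe(session):
    # Raises KeyError when the session expired and ProjectId is gone.
    return PROJECTS[session.get("ProjectId")]

def project_name_guarded(session):
    # Null guard: an expired session yields an empty label, not a crash.
    project_id = session.get("ProjectId")
    if project_id is None:
        return ""
    return PROJECTS.get(project_id, "")

def render(session, label_fn):
    """Render a registered screen and return (status, body_or_location)."""
    try:
        label = label_fn(session)       # layout block is built first
        if not session.get("UserId"):   # registered-screen check runs second
            raise NotLoggedIn()
        return 200, f"[{label}] Assess page"
    except NotLoggedIn:
        # Exception flow: send the user to login with a readable reason.
        return 302, "/login?reason=session_expired"
    except Exception:
        # Generic body only; details belong in the server log, not the page.
        return 500, "Internal error"

if __name__ == "__main__":
    active = {"UserId": 1, "ProjectId": 7}   # constructed live session
    expired = {}                             # session after timeout
    print(render(active, project_name_unsafe))
    print(render(expired, project_name_unsafe))
    print(render(expired, project_name_guarded))
```

With the guard in place the layout block no longer fails first, so the security exception is reached and the user lands on the login page instead of the error screen.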

Hi Miguel,

Thank you for your time and help, your suggestion works perfectly!
I also noticed in my previous post that I misled you by saying it was the top right hand button, but you figured I meant the other right!

Thinking about the programmers in OutSystems R&D team reminds me of this quote!
“Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots.  So far, the universe is winning”

I'll try to reduce my idiocy level in the future :)
Kind regards,

Miguel João wrote:

However, if your webscreen allows anonymous access, then this exception will not be raised, but the user's session information will be lost.

Hi Miguel,

Can you explain to me why this happens? I just lost my session variable when I go to a different webscreen (both webscreens are anonymous).

Best regards,


Hello Frederico,

The cause for that behavior can vary, depending on the pattern.

- How are you identifying that you're losing the session? Are you logged in, and when you jump to another application you're no longer logged in?

- Or you're not logged, you're anonymous, and when you jump to the other application you lose some session variable value? 

- Are you using HTTP or HTTPS? 

- Is the domain of the other application URL the same as the previous application URL domain?

- Do you have any code in the OnSessionStart actions of each of the applications?

- Are both applications using the same User Provider?