Session Timeout / Best Practices

Session Timeout / Best Practices

  
Hi all,

I need some guidance on what should be the "best practice" (you can assume that I'm working with platform 6.0 or 7.0) when handling session timeout, whether they occur on ajax screens or not. I'd like your input on each scenario:

Scenario 1: I have a screen with some inputs that allows me to create some records on an entity. I fill all the mandatory inputs, wait 30m then press "save". The session timed out after 20m, but since I'm running an action, there will be no security exception raised. The record will be saved, but since one of the fields depended on a session variable and because the session expired, that variable will now be a NullIdentifier (assuming the session varibale was an entity identifier) and will be saved as such.

Scenario 2: A screen wich has a TableRecord that lists data. There are some filters that affect the listing, as usual. Since I'm using pagination on the TR, I'm calling the refreshQuery through an Ajax request, again, usual pattern. This time, the session timeout is at 60m, but since the user refreshes the TR regularly (like in 15m intervals) this shouldn't pose a problem. BUT there is. All these ajax refreshes seem to NOT keep the session alive, because when the user clicks on one of the rows to edit some data, the session variables are all "gone" and the session expired.

So, no ideas?????
Anyone? Outsystems staff, are you all on vacations? :P

regarding scenario 1... i'm curious why an identifier should be a session-var. Unless you mean the userid, and you use it with your entities in "UpdateBy, CreatedBY"
You should always check that it's filled, so you can audit records afterwards.

regarding scenario 2... I am not sure. I don't understand why a user is refreshing a table every 15minutes and why should you stick with ajax-refresh and not a simple page-reload?
Joost Landgraf wrote:
regarding scenario 1... i'm curious why an identifier should be a session-var. Unless you mean the userid, and you use it with your entities in "UpdateBy, CreatedBY"
You should always check that it's filled, so you can audit records afterwards.

regarding scenario 2... I am not sure. I don't understand why a user is refreshing a table every 15minutes and why should you stick with ajax-refresh and not a simple page-reload?
 
 
Hi Joost,
Scenario 1: it is, in fact, a user id. And I need it for exactly what you said.

Scenario 2: A user needs to refresh every 15m, because that user is checking if there is pending work for him on that table. Your idea of a simple page reload is what we did. I guess I was trying to find if there were other less obvious solutions. But I guess sometimes the obvious is good enough ;)