Crystal Enterprise and Session Timeout

[chris777]

I have developed a custom ePortfolio and the last thing was to test it in a session timeout condition. I logged on and let it sit for 20+ minutes. When trying to refresh the page I found that the InfoStore object on the server is still there, the Logon Token I store on the server is still there, and I get a sessionid back as well. However, when it tries to query for instances of a report, nothing comes back. It doesn't error, it simply returns nothing as if the report has no history.

I guess I am looking for a reliable way to test for a session timeout condition. Any suggestions?



Chris
DFW Crystal User Group

http://www.dfwcug.com

 

[synapsevampire]

What are the settings at in the CMC?

You have a few settings involved in this, though I've never bothered to test it down to the second as you seem inclined to do:

The Page Server and Cache server have timeouts (Minutes Before an Idle Job is Closed), as do the File Repository Servers.

These are global settings for the CE server.

Are you discovering that these settijngs don't work, or are you trying to verify them, or were you unaware that they existed?

-k

 

[chris777]

No, I wasn't aware of those settings. I will need to check into them. My goal is to detect when a timeout condition exists (when the user lets the window sit idle) so I can avoid any ugly behavior like I described above.



Chris
DFW Crystal User Group

http://www.dfwcug.com

 

[Turkbear]

Hi,
Some things require user education ( like not sitting at a web page forever or not using a provided log off action instead of just closing the window).

Perhaps some kind of timer could be started with OnLoad() and, after a specified time, a proc could open an Alert window reminding the user about the potential problem.
( The proc would have to reset the timer to 0 every time the page is refreshed or there is any activity ( mouse move, click or keypress), so it would not be a trivial bit of coding)

Just a thought..

 

[KingfisherINC]

If the objective is to ensure the user is logged out after a specific number of idle minutes you can set the session timeout AND the token (by default the token lasts 1 day).

// set logon token to 5 minutes (ltm = Logon token manager)
SetCookie("my_logontoken", ltm.CreateLogonTokenEx("", 5,1));

// set session timeout time to 5 minutes.
Session.Timeout = 5;

HTH

 

[chris777]

No, the objective is to test if the session has timed out and redirect them to login.

Thanks for the input.



Chris
DFW Crystal User Group

http://www.dfwcug.com

 

[chris777]

D'Oh!

It turned out to be the Anonymous User account; it was not disabled.

I was checking for the IStore, and if it didn't exist then it would retrieve the username and password stored in session variables. I assumed if they were blank then it would error and kick the user to the logon page. Since the A-User account was not disabled it was able to use the blanks and logon which then created all the appropriate session objects and defeated all my checks.

Sometimes its the little things that bite!


Chris
DFW Crystal User Group

http://www.dfwcug.com