incubator-adffaces-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "venkata guddanti" <venkata.gudda...@gmail.com>
Subject Re: PPR and session timeout
Date Wed, 19 Jul 2006 17:09:54 GMT
Hi Cosma,

My suggestion for merging the login Window content with the main page is
similar to the one you implemented using the popup window. I was suggesting
that on a login failure you can take the content of the login form merge it
with the main page form and diplay it inside the main page. You can do this
by putting a floating div containing a layer over the main page. The post
from the login page would then include the contents of the main page since
you will be posting the main form. However there might not be much benifit
in doing this compared to the login popup window solution suggested by you.

One thing that I would like to mention is that typically websites put a
javascript on the client to notify the user of a pending session timeout.
For e.g. you can have a JavaScript variable with the session timeout value
and on the main page you can do a setTimeout with this value. Of course you
need to reset this timeout(window.clearTimeout followed by window.setTimeout)
on every PPR request.

Venkata


On 7/19/06, Cosma Colanicchia <cosmacol@gmail.com> wrote:
>
> I basically want the login window to appear, not to re-log in
> automatically. Keeping the session alive would allow someone else to
> easily use an unattended workstation where someone has left the
> browser window open. Anyway it's not me, it's our customers
> requirements (at least for some critical apps).
>
> Regards
> Cosma
>
> 2006/7/19, Scott O'Bryan <darkarena@gmail.com>:
> > I'm just curious as to how keeping the session alive is a security risk
> > when you basically want to re-log them in when a PPR request comes
> > through <shrug>.
> >
> > Cosma Colanicchia wrote:
> > > Hi Venkata,
> > >
> > > I think that it wont work, because after the post the source page will
> > > be replaced with the PPR response. The PPR trick is based on having
> > > the response in another frame/window, so the javascript included in it
> > > can access the previous page and manipulate it instead of replacing
> > > the whole page.
> > >
> > > Cosma
> > >
> >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message