If Salesforce session timeout is set to 15 min, and a user is typing in a textbox in a salesforce and hasn't saved in 15 min, Salesforce session timer does not reset without a save or ping back to server.
Is there a different option/workaround so that the timer resets if the user is actively typing/using a salesforce box but not saving?
Did your company click Setup -> Session Settings -> Disable session timeout warning popup? It's org-wide but there's idea to upvote: https://ideas.salesforce.com/s/idea/a0B8W00000Gdb0bUAB/disable-session-timeout-warning-popup-option-for-individual-user
Alternatively you could try some home grown timeout warning, inject it into Utility Bar at bottom of the screen... Might be messy
Alternatively - consider moving over to Notes (ContentDocument / ContentNote objects), you can see they save the draft as you type.
Related
I am using Gorilla Sessions for my Go website to manage user logins.
Sometimes when a user leaves their computer for an hour or so the session expires but they have no idea about it. So the user goes on with their work but as soon as they try to save their progress, they get logged out. Is there any way I could detect if a user's session is about to expire, so I can automatically save their work or display a warning message?
Solution:
As soon as the client logs in they receive the session expiration date from the server. Then I set up a timer on client side, which after being idle for X (10 in my case) minutes, calls the API in every minute and checks if the session is still alive and if there is more time left than two minutes. If only two minutes left, I raise a warning message on the client side to inform the user that their session is about to expire (I also used this event to fire the auto save functions).
I am stuck with a session handling problem for past few days.
I am working on an application where an user logs into his account and can register there details or change them. How to manage sessions in this case. I mean how can i access the attribute of a session in different action classes?
Also when i click on log out and after that i press the back button given in the browser it goes back to the previous page and user can change their details which should not happen. Please help !!
The back button "issue" is because you have not disabled page caching.
Sessions data is available in actions via the SessionAware interface.
Sessions are per-user (more or less, actually per-conversation, and how that's implemented varies somewhat across browser versions), not sure what you mean regarding concurrent users.
Some browsers (Firefox, Chrome) by design doesn't clean session cookies when you close them, if you set some kind of remember me switch (for example in FF go to Options->General->When Firefox starts->Show my windows and tabs from last time). It is a problem for our client (government agency...) while I do have absolute control over http server, I have no control over browser settings. The scenario is - they're used to share computer accounts, however they shouldn't be able to share web accounts - simply closing the browser should kill the session never mind the browser settings.
Is there an elegant way how to enforce that ?
Currently only solution that comes to my mind is some kind of dead man's switch (change cookies to live only for one minute (encrypted server side time stamp), and on every page have javascript "pinger" that will for 20 minutes ping every half minute some "prolong session" handler on the server (login session should be 20 minutes, sliding expiration).
You could try using HTML5s sessionStorage it lasts for the duration on the page session. A page session lasts for as long as the browser is open and survives over page reloads and restores. Opening a page in a new tab or window will cause a new session to be initiated.
sessionStorage.setItem("username", "John");
https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Storage#sessionStorage
Browser Compatibility
https://code.google.com/p/sessionstorage/
compatible with every A-grade browser, included iPhone or Android.
http://www.nczonline.net/blog/2009/07/21/introduction-to-sessionstorage/
In firefox a simple setup is require in order to prevent firefox to remember passwords when the browser closed:
enter to setup menu (top right)
select "options"
select "privacy" tab
change "history" from "remember history" to "use custom setting" or "never remember"
when "custom setting" is marked, change the cookies settings "keep until"
from "until expired" to "until I close firefox"
I have a javascript popup that alerts users when their session is about to expire.
On the master page > page load - if the user is logged in I do registerClientStartupScript and call setTimeout(showPopup, time). So that this is in effect on all pages.
My question is.. if session timeout is set to 20 minutes for example, and my popup is set show at 19 minutes.. when the user clicks "back" or "forward" in their browser window - does the session get refreshed and the 20 minutes restarts? or does it continue counting up from where it was when you clicked back/foward?
If the latter, is there a way I can refresh session on back/forward?
Hopefully this makes sense, I appreciate any help!
I have no much nore information about javascript but other web farameworks like jsf php etc the session starts when user opened the browser and session terminateted when user closed the browser and I think generally session scobe is not depend on programming languages
I am writing my first FireFox extension and I have some questions. Maybe someone can help.
I have a website which requires login. The sign-in is one user per login type. So if I am logged with the username "tom" from one PC and go to other PC and try to login with the same details, it fails. When I click the log-out button from my authenticated page, the new location executes a PHP function to log-out the user (updates the "logged" status of the user in MySQL). The problem is that if a user is logged in from his work desk and surfing the page then suddenly he gets a call by a friend to quickly grab lunch in his break and has to meet him in short time, he just clicks the X (close) button from Firefox, forgetting to press the log-out button so the status of the logged is still 1. Later on, if he wants to access the page again from home, he won't be able to log in.
So, I need to grab the "close" event from firefox somehow. I am thinking about looking for the ones that contain the "website.com" domain only. Then, if a tab is closed or the main window of Firefox is closed, send an unique key, and the username to that URL that logs out the user and the problem may be solved. I don't know if this is possible. Please post any idea (followed by code if you can) for this extension to be built.
Thank you.
By design, this is wrong.
If a user's PC crashes (harddisk failure, power failure) your plugin won't be able to log out the user. And so, the user won't be able to login on any PC.
--
Let's revisit the premise,
a. why does logging in from another PC need to fail?
b. How about invalidating the login from the previous PC (log out) when the user logs in to another PC. THis is kind of like how chat applications like Yahoo! Messenger work.
From your answers, here's what i would suggest: if the user is logged in on another PC, warn and present the user with options:
cancel logging in
forcibly log out the other user and proceed to logging in
Logging the user out after a certain time of inactivity is the (application or web) server's responsibility, not (only) the client-browser's. This is called a session timeout.
You might be able to avoid the timeout by a browser implementation as you describe it, but this should not be the primary solution.
Here's an off hand approach you might take:
In your case I would include a timestamp in the table where the 'locked' state is stored. Every time a user does an action that timestamp is updated. When you try to login again ad the timestamp is older that a certain threshold (e.g. 15min) your login code should silently logout the previous user.
In order to receive a notice about the tab being closed, you'll want to do something like this sample code. However, instead of listening for load, you'll want to listen for unload.
When you do end up getting notified about unload, you'll have to do a request to the logout page just like the web application does. You can figure out what the location of the document that is unloading is by checking aEvent.originalTarget.location.href. Note that aEvent.originalTarget will give you the document object of the tab that is closing. You'll then want to use an XLMHttpRequest for this in your event handler.
You could use ajax that would ping a page on the site - all the session info will be passed and you can verify that the user still has an active browser/page open. If Firefox crashes it won't be able to ping the website anymore and the session could time-out after 15 minutes. I think that allowing a forced logout on another sign-in would be best. Usually when I leave work at the end of the day I wouldn't close all the programs or logout or anything - just lock my computer to prevent anyone from using it. Next morning I come back with all my programs still running so I can continue where I left off.
BTW, Yahoo Web messenger probably uses some form of session-based cookies. That is, cookies are stored in memory and are gone when the tab or browser are closed.
Just enable to the user to re-login from another machine. And if you get a request from the user on first machine, ask him to re-login too. So you get a single logged in user at a time.