"Idle Session Timeout Seconds" is calculated using the user activity at the server side. So even if a user is inputting data in a form, but not submitting the page before the "timeout" settings the user will get timed out and lose all the data he entered. Can we capture some key events at the browser and send to the server intermittently, which prevents the server from session out? This is a problem for the practices which prefer to keep the timeout seconds very low , say 15 minutes.
Can this create any security threat?
I think that would be a good thing to do. But I wouldn't add yet another server request, but rather add the logic to one that already exists (see for example interface/main/daemon_frame.php).
I must be missing something, but your suggestion doesn't make any sense to me. There is logic in the timeout mechanism which explicitly prevents the daemon frame from resetting the timer. I don't see how daemon_frame is relevant.
Kevin, read my suggestion again. I'm saying that daemon_frame.php is a good place to add appropriate logic, I.e. that it's better to modify an existing module that periodically invokes the server than it is to create a yet another one.
Rod, I know that we disagree on how best to handle cross frame communication, so before we fall too deep into that rat hole again. Here is my last comment on this topic.
Eldho, feel free to follow Rod's suggestion, but my instinct is that if you try to do it with daemon_frame.php, you are also going to have to make changes in auth.inc as well and the overall solution is going to be more difficult to maintain. It will also be very difficult to get daemon_frame to respond to keypress events that occur in the other frames. Daemon frame generates a periodic event (every 2 minutes) , but the keypress events you wish to trigger on do not occur periodically. They happen at a pace that is determined by the user actions.
Of course there will be code changes. Difficult??? All it requires is a logical approach, to be determined.
I don't think it's right to ping the server on every key press. So doing it periodically makes sense. Doing it periodically with yet another new module for that purpose does NOT make sense.
This is not to defend daemon_frame. If someone wants to replace it with something else, fine, let's discuss it. But in a different thread please.
Log in to post a comment.