Dynamic Web Development with Seaside

18.5Catching the Session Expiry Notification

Sessions last a certain period of time if there are no requests coming in, after which they expire. The default is 600 seconds or 10 minutes. You can change this value to any other number using the configuration interface (see Section 3.6.6), or programmatically using the following expression:

"Set the session timeout to 1200 seconds (20 minutes)"
anApplication cache expiryPolicy configuration
at: #cacheTimeout put: 1200

Depending on the type of your application you might want to increase this number. In industrial settings 10 minutes (600 seconds) has shown to be quite practical: it is a good compromise between user convenience and memory usage.

When a session expires Seaside sends the message WASession>>unregistered to WASession. You can override this method to clean up your session, for example if you have open files or database connections. In our small example this is not really necessary, but to illustrate the functionally we will now logout the user automatically when the session expires:

InnSession>>unregistered
super unregistered.
user := nil

Note that at the time the message unregistered is sent, there is no way to inform the user in the web browser about the session expiry. The message unregistered is called asynchronously by the Seaside server thread and there is no open connection that you could use to send something to the client — in fact the user may have already closed the browser window. We will see in the next section how to recover if the user does try to return to the session.

Copyright © 19 March 2024 Stéphane Ducasse, Lukas Renggli, C. David Shaffer, Rick Zaccone
This book is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 license.

This book is published using Seaside, Magritte and the Pier book publishing engine.