CoreBOSBB
Session duration for webservice - Printable Version

+- CoreBOSBB (https://discussions.corebos.org)
+-- Forum: Development (https://discussions.corebos.org/forumdisplay.php?fid=18)
+--- Forum: coreBOS Development (https://discussions.corebos.org/forumdisplay.php?fid=4)
+--- Thread: Session duration for webservice (/showthread.php?tid=534)

Pages: 1 2 3


RE: Session duration for webservice - joebordes - 12-22-2016

:-)


RE: Session duration for webservice - Guido1982 - 09-19-2017

Still working through this. I've created a script that does a simple account retrieval which is fired by a JS event event couple of minutes. Still after some time (about 45 minutes) the session expires. I've now set Webservice_Session_Life_Span to 10800 explicitely (3 hours, assuming the value is seconds). I've started a test window that I'll keep open and noted the time I opened it. Let's see how long this will work.

One thing I was wondering about. I don't have much experience setting sessions and/or cookies. Could it also be the session cookie has a maximum survival time? Which would mean I'm searching in the totally wrong direction.


RE: Session duration for webservice - Guido1982 - 09-19-2017

Well, you'll always see this.. I've had the same window open for two hours and ten minutes now and no problems. Was able to navigate to antoher page without being returned to the login page (my default action when the session has expired)....


RE: Session duration for webservice - joebordes - 09-19-2017

As far as I recall, it shouldn't timeout on you.


RE: Session duration for webservice - Guido1982 - 10-16-2017

I think I have a better grip on this now. I've learned that I really don't know anough about PHP sessions. I think the session cookie expires when a device (this specific portal is used on tablets mostly) goes into some sort of sleep mode, killing the browser session. I'm going to experiment with the session_set_cookie_parameters function to see if I can build something that outlasts even a sleep-mode, by setting a really long lifetime for the cookie.


RE: Session duration for webservice - joebordes - 10-16-2017

Let me know if I can help and keep me informed.

Thanks


RE: Session duration for webservice - Guido1982 - 10-23-2017

OK, so to document this: maybe redundant but anyway):

The Client library performs a challenge and receives a servicetoken, and an expirytime for that servicetoken. Then it performs the login, using that servicetoken. The login needs to happen within 5 minutes (unless otherwise set in the challenge), so before the expirytime. The expirytime has nothing to do with the expiry of the actual session, it's just the time the servicetoken has to do a login. Is that correct?


RE: Session duration for webservice - Guido1982 - 10-23-2017

I would like to have some native "checkSession" function in the app. Now I retrieve a single account to test, but this isn't really the best way I think.


RE: Session duration for webservice - joebordes - 10-23-2017

Your description above is correct, that expire time is only for the service token, it has nothing to do with the session.

Can you elaborate a little bit more on that checkSession? I'm not following.


RE: Session duration for webservice - Guido1982 - 10-24-2017

I have a portal that is alive 'all the time'. I've built an AJAX call that checks in with the server and collects one account field for the first account available. The response lets me know if the session ID is still valid. When not valid, I prompt the user to re-login. I'd like some kind of dedicated function here, like 'validateSession' or something, that returns the validity of the session. I think that would be a little neater than collecting a random account.