Unable to make session timeout mechanism to work at all

asked 2016-10-24 07:41:54 +0800

mortella
1 ● 1

updated 2016-10-24 08:33:33 +0800

Hi there ! We develop web applications from Zk 6.5 and have never seen session timeout work properly :( I tried tons of combination of the timeout configs, no success...

Now my config is:

• zk 8.0.3.1
• jetty 9
• web.xml timeout: e.g. 1 hour
• zk.xml:

<session-config>

<device-type>ajax</device-type>

<session-timeout>30</session-timeout>

<automatic-timeout>true</automatic-timeout>

<timeout-uri>/timeout.html</timeout-uri>

</session-config>

• page: no running timers at all

According to the documentation I except:

after 30 seconds of inactivity the page will be redirected to timeout.html (and probably the session will be invalid or a new one).

What happens:

nothing, when I click a button after 30 sec, i got js alert page with the message:

The server is temporarily out of service. Would you like to try again? (expected expression, got '<' (SyntaxError))

Any help is appreciated

morti

Edit:

Ok then, mistery solved, problem not:

• after 30 seconds 2-3 auRequest came in and ended in 'garbage' because meyAccessFilter found no 'authenticated user' attribute in those sessions and sent redirects to login.html.
• browser showed no error alert for the 'unanswered' requests
• on first real action (eg. button click) happened the same but got the error alert up there...

Quick fix was add /zkau* paths to my "unprotected" contexts, for which my AccessFilter do not check authorization, but only a simple doChain().

Now I get what I wanted to see, but zk requests now are unprotected. I dont want to figure out these 2-3 request's special characteristics to let only them unprotected :(

Is there any solution besides filtering out the specific auRequest ?