This week’s Uncle Pete’s corner will be covering the WebDev Session Timeout Issue and while we are at it we will also track the time a user spends logged onto the site to use for usage statistics later on.
The session timeout setting in WebDev determines how long WebDev keeps track of the users session before discounting them. Note we are discussing WebDev dynamic sites here, not AWP sites, AWP sites are a slightly different animal.
As with most things in the software development world, there is a compromise for session timeout. If you make it too long, then eventually your server resources will become an issue as the server is maintaining sessions for users that have actually left the site, however if you make it too short, users will get a timeout window (like below) and lose what they were working on.
First a little background on how to set the session timeout. With a WebDev dynamic site, WebDev automatically maintains session information for every connected user, this includes their status, what page they are on, and the value of any global variables. As we have discussed before with web development the server and the browser each live on their own site of a brick wall. The only time the two communicate is when the browser submits a request to the server. So when you request a page, the server renders that page and sends it to the browser. It then starts a timer, if it doesn’t hear back from that browser before the timeout value has been reached then the server will assume the browser was closed or moved on to another site and it will clear the session information for that connection.
This can be a real issue if you have an interactive site such as an SaaS business application. For instance, if your application is for entering accounts payable invoices, and in the middle of keying an invoice, the user gets a phone call, that distracts them. When they come back to your web application, they will have that ugly timeout message and will have lost their work. It is issues like this that separate windows applications from web applications.
What we will be covering today is a method to avoid this session timeout issue and while at it capture the total amount of time the user has be on your site, perhaps to be used for statistics in the future.
Session Time Settings
In the WebDev Administrator, on the configuration tab there is an option to set the timeout. This setting will be for all websites that do not have a custom setting.
Which brings us to the next setting, on the Sites tab you can set a custom setting for one website. This is useful if for some reason you need a different timeout value for specific sites.
Add a Field to the Database to Track Total Time on Site
Since we are going to capture the total time logged into the site, you will need to add a field to your user table to hold that information. In the image below you will see where I added a field called TimeOnSite to my User table. Notice that the Type is “Date”, but the Sub-Type is “Duration”. Duration is a special type of variable that holds time information in the format of # of Days, Hours, Minutes, etc.
Using a Page Template
If you are a regular reader, then it should not come as a surprise to you that a strongly recommend the use of page templates. This is a prime example of why! Since all the pages of my site use the same base page template I can add the code to the Page Template and it will be active on every page of my site. No fear of forgetting to include the code, or if I change the code in the future, I only have one place to change it.
There is only one line of code to add to the template. Place the code in the OnLoad (Browser Event) of the template. This sets up a timer event that will call the “RecordTime” browser procedure once every minute.
The RecordTime procedure is only one line of code, but that line of code is sure doing a lot! Remember this procedure will be ran automatically once every minute from every page of the site.
AJAXExecuteAsynchronous is making an AJAX call. AJAX is simply a way for the browser to communicate with the server without doing a full page submission and rerendering. There are two forms of AJAX calls. If you were to use AJAXExecute instead then the browser would halt and wait for a response from the server before continuing. Since this will be ran every minute, you don’t want to have any noticeable pause in the application for the user, so instead you do an Asynchronous call, which means that the call is submitted to the server and then continues on it does not wait for a response.
UpdateTimeOnSite is the procedure that is ran. This is a Server procedure. By submitting a request to the server, you have reset the Session timer. Since this will be called every minute, the inactive time for a session will never go over 1 minute as long as the browser is still active. As soon as the browser is closed or moves on to another site, the procedure will no longer be called and eventually the session will time out. We will look at the code of this procedure shortly.
AJAXCallBack is a procedure that will be ran when the server completes its task. If you have done ActiveX or COM coding this is similar to a callback procedure from those environments. We will discuss the possibilities for this procedure shortly as well.
This is the procedure where the real magic happens. Notice that it is a Server procedure and that it has been AJAX enabled.
If you don’t want to track the users time on the site, the only line of code that would be required is the Result ” “. Just the simple fact of making a call to the server is enough for the server to know the session is still active and to reset the inactive time. AJAX procedures can only return string results, so if you want to return a numeric or other data type you will need to place it in a string and handle it appropriately on the return.
The code inside the IF statement is to record the Users time on the site. CurrentUserID is a global variable that gets set with the UsersID once they log on, so if it is 0 the user is not logged on yet and there is not need to execute the code.
HReadSeekFirst fetches the specific User record so you can update it.
I can think Wolfgang Kirsch for the next line of code. I was using a much more complicated StringtoDurartion statement. Instead he suggested just adding 1 to the Minute property of the variable. Since TimeOnSite is defined as a duration it has properties for Days, Hours, Minutes, etc. the += 1 will increment the value by one minute, and since the procedure runs every minute, you can hard code the 1.
And of course Hmodify updates the record.
The AJAXCallback procedure is a browser procedure that is automatically ran once the server completes the procedure. It takes two parameters:
AJAXResult is the string value returned from the AJAX procedure.
AJAXCall is an integer value that indicate what process made the call. When you make the AJAXExecuteAsynchronous it will return an integer value identifying the process. If you want to write a generic Callback procedure you could use a switch statement to determine which code to execute based on this value.
Currently the AJAXCallback procedure is just a stub, with no actual code to execute. But there are endless possibilities for its use. You mission should you just to accept it is:
- Add a second variable to track time on site this session versus total time on site
- Add statics to the header of the template to display the current session time and total time and use the AJAX call back procedure to update their values.
- And for the Uncle Pete’s Bonus round, use the callback procedure to create a process that will ask the user if they are still work, and automatically save their work, and log them off if they do not respond. Hint: you will need to figure out how to tell if the user has been active or not, remember the procedure runs every minute regardless of user activity.
If there is enough interest (via comments made on this article) I will cover the topics above in a future post, or even better perhaps one of my followers will decide to dive in and present their code to accomplish the above task!
Be sure to go over to wxLive.us and watch the Uncle Pete’s corner webinar that is the companion to this article.
Uncle Pete’s Corner is weekly webinar on all things WX every Friday 7:15 AM CST (5:15 PST), to watch the recorded version of this webinar, many other WX related webinars or to watch future ones live go to wxLive.us