Our application has a 30 min auto-expiring session - the session is renewed on server communication. What is the best way to communicate an expiring session to the user? My initial thought is a to display a modal warning shortly before expiration with "your session is about to expire [continue]" (better wording?) which allows the user to continue (communicating in the background to renew the session). • Is it ever appropriate to display a session timer to the user? • Is it ever appropriate to expire a session without the user having an opportunity to extend it? • Do users need to be aware of when the session will expire as long as they will have the option to extend it?For more understanding : click
<%@ page import = "com.kartik.config.SessionUtil" %> <html> <head> <script type="text/javascript"> ///////////////////////////////////////////////////////////////////////////// //////////////////Below code for Right click disable///////////////////////// //////////////////////////////////////////////////////////////////////////// window.onload = function() { document.addEventListener("contextmenu", function(e){ e.preventDefault(); }, false); document.addEventListener("keydown", function(e) { //document.onkeydown = function(e) { // "I" key if (e.ctrlKey && e.shiftKey && e.keyCode == 73) { disabledEvent(e); } // "J" key if (e.ctrlKey && e.shiftKey && e.keyCode == 74) { disabledEvent(e); } // "S" key + macOS if (e.keyCode == 83 && (navigator.platform.match("Mac") ? e.metaKey : e.ctrlKey)) { disabledEvent(e); } // "U" key if (e.ctrlKey && e.keyCode == 85) { disabledEvent(e); } // "F12" key if (event.keyCode == 123) { disabledEvent(e); } }, false); function disabledEvent(e){ if (e.stopPropagation){ e.stopPropagation(); } else if (window.event){ window.event.cancelBubble = true; } e.preventDefault(); return false; } }; ///////////////////////////////////////////////////////////////////////////// //////////////////Below code for Inactivity functions below are used to ////// /////////////////automatically redirect the page to the ///////////////////// /////////////////logoff script when the user's session is up.//////////////// //////////////////////////////////////////////////////////////////////////// var secondsPassed = 0; function ShowTimePassed() { var minutesBeforeLoggedOut = 1;//before one minute one confirm message should be display var minutesToWarning=document.form.sessionTime.value;//get the time for in-activity time secondsPassed+=1; if(minutesBeforeLoggedOut == -1) { if(secondsPassed == 30) { secondsPassed = 0; } } else{ if(secondsPassed ==minutesToWarning*60) { var answer; var currentTime = new Date(); var expiredTime = new Date(); var minutes = expiredTime.getMinutes(); minutes+=minutesBeforeLoggedOut; expiredTime.setMinutes(minutes); if(minutesBeforeLoggedOut==1) answer = confirm("It is now "+ currentTime.toLocaleTimeString()+" You have "+minutesBeforeLoggedOut+" minute left before getting logged out. Do you want to extend the session?"); if(answer){ secondsPassed = 0; currentTime = new Date(); if(currentTime>expiredTime){ alert("You've exceeded the time needed to extend the session. You will be logged out now"); var path='<%= request.getContextPath() %>'; var url=path+"/logout.do"; window.top.location=url; //window.location=url; } } } } } window.setInterval('ShowTimePassed()', 1000); </script> </head> <body> <% String url = System.getProperty("configMaintenanceOption"); if(url !=null && url.equalsIgnoreCase("TRUE")) { %> <body onLoad="ShowTimePassed();" onKeyPress="ShowTimePassed();" onmousemove="ShowTimePassed();" onclick="ShowTimePassed();" onscroll="ShowTimePassed();" oncontextmenu="return false;"> <form name="form"> <img src="<%= request.getContextPath() %>/images/headergrey.gif" /> <input type=hidden id="sessionTime" name="sessionTime" value="<%=SessionUtil.SESSION_TIME_OUT%>"> </form> </body> <%}else{%> <body oncontextmenu="return false;"> <form name="form"> <img src="<%= request.getContextPath() %>/images/headergrey.gif" /> <input type=hidden id="sessionTime" name="sessionTime" value="<%=SessionUtil.SESSION_TIME_OUT%>"> </form> </body> <%}%> </body> </html>