Question

ShowUrl on SessionTimeOut

0

Similair to this question we need the trigger an event on SessionTimeout. Depening on how the user has entered the App (direct via login, of via SSO), the user should be redirected to another App. Tried to do this via DeleteBehaviour of an entity associated to the Session entity. On the Delete microflow a ShowPage (works). The Page has a microflowtimer The microflowtimer calls a nanoflow (when this works, the nanoflow does a OpenURL) The microflowtimer is not triggering the nanoflow (or as test a microflow. I suppose so fare this is because the clustermanager is running on the server, or the session is already half-way closed. Tried every variation on security, microflowtimer settings, but I cannot trigger the nanoflow. What is missing here, or is there another approach to Show an URL on SessionTimeout? Regards, Thijs

asked 2024-01-04

Thijs Schoemaker

3 answers

0

Hi Thijs,

Interesting use case. So I assume you set EnableKeepAlive to false to let the session actually expire? Do you test it locally by setting the SessionTimeout to a low value? (just curious)

The hard part here is that the Session expiration happens server-side and you want to trigger an action client-side. The on-delete microflow only can trigger stuff server-side, so having a MicroflowTimer is indeed required to trigger something client-side, but this must be a nanoflow, as the microflow won't be executed anymore once the session timed out.

Maybe it's possible to trigger a nanoflow which tries to execute a random microflow, if it fails: the session doesn't exist anymore? Not sure how error handling in nanoflows works.

UPDATE: this actually mimics a keep-alive, so won't work. As the LastActive attribute of System.Session is also only known server-side (and retrieving it would again mimic a keep-alive), this is quite a challenge. I think this might be possible: track all calls to /xas using some javascript (I've seen it working based on this) and calculate in your nanoflow that the session is probably expired.

Otherwise, I think you need some REST endpoint to call and ask: is my session alive? But that's security-wise not really safe, as it needs to be public.

UPDATE: the session id is send in every request anyways, so this is not unsafe per se. I think having a public REST endpoint which returns a boolean whether the object exists and call that from your nanoflow using mx.session.sessionData.sessionObjectId as input is the way to go.

Let's see where we can get!

answered 2024-01-04

Johan Flikweert

0

Maybe you can try with this widget : https://marketplace.mendix.com/link/component/118716

or with a html snippet on the page using this command : window.location.replace("yourURL");

If you have indeed managed to display the page to the current user just before the session timeout, then I guess you did the more complicated part.

answered 2024-01-04

Yehoshua Choukroun - Tocndix

Johan Flikweert · Accepted Answer · 2024-01-04

Couldn't stand the challenge, got something working here. 😊 You can put this in javascript snippet or javascript action. You will get an alert with Goodbye before you're gone:

const nativeFetch = window.fetch;
window.fetch = function (...args) {
  //console.log('detected fetch call');
  const prom = nativeFetch.apply(window, args);
  prom.then(response => {
    if (response.status == 401) {
      alert("Your session expired, goodbye!");
    }
  });
  return prom;
};

Up to you to make it a bit fool proof and steady!