Home » Developer & Programmer » Application Express, ORDS & MOD_PLSQL » HtmlDb - automatic logout after NN minutes?
HtmlDb - automatic logout after NN minutes? [message #125559] Mon, 27 June 2005 10:30 Go to next message
AlexL
Messages: 2
Registered: June 2005
Junior Member
Hello!

How can I do HtmlDb application that automatically logs out after a few minutes of inactivity? Is there a parameter that allows to do it?

And, also, I wish to be sure that if somebody comes to my computer after logout, he/she can't see data by just pressing "Back" in the browser. Is here a way to do it?

Thank you in advance.
Re: HtmlDb - automatic logout after NN minutes? [message #125567 is a reply to message #125559] Mon, 27 June 2005 13:40 Go to previous messageGo to next message
andrew again
Messages: 2577
Registered: March 2000
Senior Member
1.) There is an idle time timeout at the database level, but you are almost certainly using a stateless environment, so that wouldn't help.
2.) You can set a cookie with an expiration date in the near future. So, on each page request, check to see if the login cookie has expired, if not, refresh it to a new time in the near future and then display the page.
3.) Use https. Just add some pl/sql to enforce it:
if OWA_UTIL.get_cgi_env ('REQUEST_PROTOCOL') != 'HTTPS' then...

4.) you can also use Javascript to prevent back button from being used to display the previous page. Whatever method you use, you need to make sure your approach is 100% bulletproof though. e.g. browser cache on disk, disabling Javascript etc.
Re: HtmlDb - automatic logout after NN minutes? [message #125854 is a reply to message #125559] Wed, 29 June 2005 09:04 Go to previous messageGo to next message
Frank Naude
Messages: 4579
Registered: April 1998
Senior Member
You can always add something like this to your HTML code:

<META HTTP-EQUIV="REFRESH" CONTENT="36000;URL=http://your/logout/url">


Best regards.

Frank
Re: HtmlDb - automatic logout after NN minutes? [message #133569 is a reply to message #125854] Fri, 19 August 2005 12:46 Go to previous messageGo to next message
Berzerker
Messages: 1
Registered: August 2005
Junior Member
Frank,
I have a silly question, and I assume the answer is no, but I'll give it a shot:

I've noticed that this doesn't work if there is an alert waiting for the user. Is there a way to override the alert and refresh the page anyway?

Here's my dilemma:

On our server, we log out people after no page hits in 30 minutes, but we've had people still filling out a form or something, only to hit submit and discover they've been logged out on the server.

After 25 minutes, I want to let them know they have 5 minutes to click a link to say they want to stay logged in. Clicking on the link generates a pop-up that says thank you and generates a Page hit in the database.

After the 5 minutes are up, I send them back to the login screen.

I've tried a few different things:

1) Use setTimeout to cause an alert after 25 minutes
Problem: After 5 minutes, I can't find a way to kill the alert button.

2) Using setTimeout (again), after 25 minutes, cause a popup (but onpurposely don't count this as a page hit in the background) that will count down 5 minutes, then logout opener and close itself.
Problem: The user can easily focus back on the opener by mistake and not see the pop up

3) Using setTimeout (once again), cause a hidden span to become visible after 25 minutes. This would count down the 5 minutes then redirect the page to the logout.
Problem: The span always goes behind pulldowns (select statements)

Thanks for any help in advance.
Re: HtmlDb - automatic logout after NN minutes? [message #135674 is a reply to message #133569] Thu, 01 September 2005 18:37 Go to previous message
andrew again
Messages: 2577
Registered: March 2000
Senior Member
One thing you can do if you use a GET not a POST, is to save the submitted URL (using OWA_UTIL.get_cgi_env('HTTP_REFERER') I think) and then redirect them to the logon page. After a successful logon, you redirect them the that save URL and the submit of the form completes. You need to make sure you don't exceed the max length of the URL (determined by the browser).
Previous Topic: Tutorials and self study books about Oracle HTMLDB
Next Topic: invalid object
Goto Forum:
  


Current Time: Thu Mar 28 16:43:13 CDT 2024