Handling session timeouts.
Hi again.
I've encountered a few problems with the session timeout mechanism of Bonita and wondered whether anyone had any solutions..
First: If you open a form, fill it out and wait for longer than the configured session timeout before clicking "Submit" the system diverts you to the login screen but silently throws the form contents away (ie: the task is not executed), leaving the user unaware that he/she has failed to perform the task. Is there a way to detect this as an error in the form and present the user with an error message?
Second: When "GET" requests are triggered within a form after the timeout, the data that comes back is the HTML content of the login page not (as one would hope) a JSON page indicating a problem.
Third: Setting session-time to more than an hour in the web.xml file causes Bonita to return an error 500 if pages are called for after an hour but before the configured timeout. This seems to be resolvable by setting bonita.tenant.session.duration (default value: 1 hour) to a value higher than the session-timeout, but that begs the question: why are there these two mechanisms in place? And suggests there is a bug with the handling of the duration value.
Chris
Hi Chris,
I got a slight different behavior that the one you describe. When I'm sitting on a form long enough for the session to timeout, on the submit I'm not redirect to the login page but I get an error message. Then if I try to refresh, I get redirected to the login page. To detect it, I think you could build a custom widget, that checks the return code, if it's 401 Unauthorized, you could implement a specific behavior.
For the GET call in a displayed form, I reproduced the same behavior. Not sure how to workaround this one.
I didn't try to long session thing. I did try to set up a different timeout session for Tomcat and the Bonita session, the Bonita session was the one that keeps the application alive. Not sure what is the use case where you want to set up different values though.
Lio