Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the best way to protect user inputs (not yet submitted) from session timeout?

Tags:

java

web-applications

I develop and maintain small intranet web apps(JSP and Resin).

Some users takes so much time to complete the forms that, when they submit, they lose all their input data because of session timeout.

Currently I prolonged session timeout to 30 minutes and display count-down clock till session timeout on top of the page, but, I think their must be better ways to protect user inputs.

What is the best practices?

Addendum Our users make several kind of reports with the web-app, and the whole contents of each report are stored in a JavaBean stored in the session.

As suggested by some, Ajax or iframe should do the quick fix.

I now know that it is better not to abuse session with heavy objects, but I'm not sure how best to refactor current mess. Some people suggested to make the web-app stateless. Any suggestion for refactoring is welcome.

like image 862
ulm Avatar asked Dec 05 '22 07:12

ulm

2 Answers

This may or may not be the case with your framework, but I think that if your page just uses AJAX to call the server every five minutes (or whatever), then that will keep your user's session alive. You don't even have to do a partial save of your form this way.

like image 176
MusiGenesis Avatar answered Jan 01 '23 07:01

MusiGenesis

Make your applications stateless on the server side. You can include any state you need to maintain in hidden input fields. If security is a concern then you can encrypt the data before putting it in the field.

An example is putting something like this in your form:

<input type="hidden" name="user" value="bob" />
<input type="hidden" name="currentRecordId" value="2345" />
<input type="hidden" name="otherStuff" value="whocares" />

The main advantage of this is that your web app can do everything it needs to with just that page. It doesn't need any session variables because everything it needs is in the page it just received. Now it doesn't matter how long they take because there is no session to expire.

A secondary advantage is that it reduces the load on your server because it isn't polling your users periodically.

like image 32
Jere.Jones Avatar answered Jan 01 '23 06:01

Jere.Jones
Sign in to Comment

Related questions

Optional<List<T>> for Empty List in Repository Layer Returns Optional.empty . How do I change it to return Optional[[]]
Collectors.groupingBy() returns result sorted in ascending order java
ExoPlayer switching media source without black screen
How to create an int[] with fixed length and specific number with java stream? [duplicate]
Java is said to ignore extra whitespace. Why does c=a++ + ++b not compile without the spaces?
IllegalStateException using CriteriaBuilder for getting a List in Java
How to get the new value of new replaced string? [duplicate]
Stack overflow on hibernate caused by one to many relationship
Nexus Repository Manager - removing old binary resources
`java` command is not found from this Python process. Please ensure Java is installed and PATH is set for `java`
Spring Tool Suite Maven Configuration Problem
How to achieve Runtime polymorphism in java
Java Stream API collect method
How to find nested elements by class in Selenium
Can't start tomcatv9.0 in Eclipse
why java8 streams consumer andThen method?
Java: Instance double arrays element values modification issue
What is a default Spring Boot Application Context? [duplicate]
Zipped String from 2 (or more) Strings - "AB" + "YZ" = "AYBZ"
Most concise way to read the contents of a file/input stream in Java?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!