Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the best way to protect user inputs (not yet submitted) from session timeout?

I develop and maintain small intranet web apps(JSP and Resin).

Some users takes so much time to complete the forms that, when they submit, they lose all their input data because of session timeout.

Currently I prolonged session timeout to 30 minutes and display count-down clock till session timeout on top of the page, but, I think their must be better ways to protect user inputs.

What is the best practices?


Addendum Our users make several kind of reports with the web-app, and the whole contents of each report are stored in a JavaBean stored in the session.

As suggested by some, Ajax or iframe should do the quick fix.

I now know that it is better not to abuse session with heavy objects, but I'm not sure how best to refactor current mess. Some people suggested to make the web-app stateless. Any suggestion for refactoring is welcome.

like image 862
ulm Avatar asked Dec 05 '22 07:12

ulm


2 Answers

This may or may not be the case with your framework, but I think that if your page just uses AJAX to call the server every five minutes (or whatever), then that will keep your user's session alive. You don't even have to do a partial save of your form this way.

like image 176
MusiGenesis Avatar answered Jan 01 '23 07:01

MusiGenesis


Make your applications stateless on the server side. You can include any state you need to maintain in hidden input fields. If security is a concern then you can encrypt the data before putting it in the field.

An example is putting something like this in your form:

<input type="hidden" name="user" value="bob" />
<input type="hidden" name="currentRecordId" value="2345" />
<input type="hidden" name="otherStuff" value="whocares" />

The main advantage of this is that your web app can do everything it needs to with just that page. It doesn't need any session variables because everything it needs is in the page it just received. Now it doesn't matter how long they take because there is no session to expire.

A secondary advantage is that it reduces the load on your server because it isn't polling your users periodically.

like image 32
Jere.Jones Avatar answered Jan 01 '23 06:01

Jere.Jones