Free Software

Software Engineering with FOSS and Linux

Preventing session expiration with AJAX

Lately I have noticed an increase in issues related to session expiration in web pages. There are two cases that come to mind:

  • Traditional forms that may take the users too long to fill and submit, perhaps because they need to seek data from several sources, such as curriculum info or references.
  • Rich Internet Applications, which may delay to communicate with the server long enough for a session to expire, even though the users act under the delusion of a constant communication and a consistent state of their data.

Increasing the session timeout is only a partial solution, as it affects the server load and doesn’t fully address the problem since users may still face an unexpected session timeout if their behavior diverts from the expected scenarios. A better way is to use a simple AJAX call to periodically renew your session, as long as your web page is still open in the browser. You can do that using the setInterval() JavaScript function or its equivalent in the framework of your choice. With jQuery, you could use something like this:

    $(document).ready( function() {
        var refreshTime = 600000; // in milliseconds, so 10 minutes
        window.setInterval( function() {
            var url = 'http://mysite.mydomain/refreshSessionURL';
            $.get( url );
        }, refreshTime );
    });

The url variable should point to a page that does nothing but refreshing a session. If your application is in PHP, a simple session_start() will do.  If you are using an MVC framework, you could use a controller that renders nothing back and let the framework handle the session renewal.

One possible caveat using this approach is AJAX caching. If it is enabled (some browsers, including IE, enable it by default), it is possible that only your first call will be sent to the server. There are two approaches. The most simple one is to disable AJAX caching completely. In jQuery, this can easily be done using a $.ajaxSetup( {cache:false} ) call. Another possible way is by attaching some random parameter to your session-refreshing URL that will be ignored by the server.

Finally, you should be aware of the security implications of never letting a session to expire. Depending on the requirements of your application, you should consider using a user inactivity test to prevent session renewal or even cause a session to expire.

June 19, 2010 - Posted by | Programming, web | , , , , , ,

6 Comments »

  1. […] here to read the rest: Preventing session expiration with AJAX « Free Software No […]

    Pingback by Preventing session expiration with AJAX « Free Software | Programming Blog Imagik.org | June 19, 2010 | Reply

  2. […] Preventing session expiration with AJAX « Free Software […]

    Pingback by The Basic Equipment Needed For A Football Training Session Plan | enchanted-attic.com | June 19, 2010 | Reply

  3. Good point!

    Comment by AHHP | July 4, 2010 | Reply

  4. Hi ,
    I have s:file upload tag in my jsp.and one sx:autocompleter tag.
    if i change the element in sx:autocompleter the ajax to work.
    But the s:file tag is preventing not to work ajax properly.
    Can you give me some idea.Pls…..
    Im trying this for past one week…..
    Thanks in advance.

    Comment by Swathi | June 27, 2011 | Reply

  5. With havin so much content and articles do you ever run into any
    issues of plagorism or copyright infringement?

    My website has a lot of unique content I’ve either written myself or outsourced but it looks like a lot of it is popping it up all over the web without my agreement. Do you know any methods to help stop content from being ripped off? I’d certainly appreciate it.

    Comment by Anke | July 26, 2013 | Reply


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: