Smarter session handling for Vaadin applications
SmartSessions is an experimental add-on that supports more advanced session handling than Vaadin provides by default. It consists of a special servlet and an extended client-side engine.
The add-on has so far been tested very little, only on Safari and IE, and I don't suggest putting it to production use without extensive testing.
Working with "lazy" components keeps the session active, so users typing a long email in your VMail application will never lose their message. On standard Vaadin (and most other web apps) the session might expire because no communication happens between the server and the client.
Before the session actually expires, the add-on shows a notification and a countdown. With configuration options the developer can specify what happens on actual session expiration:
- show notification
- clear screen and show notification
- redirect to a specified URL
SmartSessions shares data on the client side via cookies. This way, if another window is open and active, the other one should not get an (obsolete) warning.
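The following sketch shows how a shared activity cookie can keep an idle window from raising an obsolete warning and how the countdown value is derived. It is an added example, not code from SmartSessions; the cookie name, the function names and the timings are assumptions.

```javascript
// Added sketch, not SmartSessions code. Cookie name and timings are assumptions.
const ACTIVITY_COOKIE = "ssLastActivity"; // hypothetical name

// Cookie string a window writes to document.cookie after each server round-trip.
// It holds only a timestamp, never the session id, so script access is acceptable.
function activityCookie(nowMs) {
  return `${ACTIVITY_COOKIE}=${nowMs}; path=/; SameSite=Lax`;
}

// Read the shared timestamp (ms since epoch) from a document.cookie-style string.
// Returns null when the cookie is missing or is not a plain integer.
function readLastActivity(cookieString) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0 || part.slice(0, eq).trim() !== ACTIVITY_COOKIE) continue;
    const value = part.slice(eq + 1).trim();
    return /^\d{1,15}$/.test(value) ? Number(value) : null;
  }
  return null;
}

// Decide what this window should display.
//   localLastMs: last server round-trip made by this window
//   timeoutMs:   server-side session timeout
//   warnMs:      how long before expiry the countdown starts
function sessionState(cookieString, localLastMs, nowMs, timeoutMs, warnMs) {
  const shared = readLastActivity(cookieString);
  // The cookie is client-writable: ignore timestamps from the future and use it
  // only to drive the UI. The server's own timeout stays authoritative.
  const last = shared !== null && shared <= nowMs
    ? Math.max(shared, localLastMs) : localLastMs;
  const remainingMs = timeoutMs - (nowMs - last);
  if (remainingMs <= 0) return { state: "expired", secondsLeft: 0 };
  const secondsLeft = Math.ceil(remainingMs / 1000);
  return { state: remainingMs <= warnMs ? "warn" : "active", secondsLeft };
}
```
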
In "keep alive mode", open windows never expire or show warnings, except if the session expires due to network problems or if the computer sleeps.
When redirecting to another URL on session expiration (a core Vaadin feature), the last desperate request should not happen (and cause the session to be re-created).
- configure your application to use org.vaadin.smartsessions.SmartSessionServlet instead of the default Vaadin servlet (most commonly defined in web.xml)
- rebuild and use the widgetset with this add-on in your classpath
TODO list for the project:
- Two modes: application-wide and session-wide mode (all web apps using the same session). In session-wide mode e.g. another (even non-Vaadin) web app also extends the session; in application-wide mode Vaadin apps can be killed (and GC'd) without invalidating the session.
- modify warning appearance
- Clean termination of session (e.g. auto-save an unsaved document)
- Figure out how this ties together with DontPush (websockets), the original inspiration for this add-on.
- Portal support
fixed bug: no more invalid chunk messages from Tomcat
new features (all configurable via init parameters, see project web.xml for examples):
- SessionExpiredUrl, forwards to the specified URL when the session has expired. A similar approach is often used in e.g. online banking systems.
- ClearScreenOnSessionExpire, clears the screen when the session expires (except for the "Session expired" message). A kind of lightweight version of the above combined with a static session-expired page. Might be good enough for some apps that require good privacy.
- ForceKeepAlive, the client side automatically extends the session even if there is no activity on the client. The session still expires on a browser crash, if the network is down or e.g. the computer is put to sleep. So this is not the same as setting your web app's sessions to never expire.