Hi,
does anyone uses non-default heartbeat and session timeouts?
I consider using 5 min session timeout and a heartbeat intervall of 2 minutes. To remove sessions early if a user closed all Browser/Tabs.
But what happens if a user has some Tabs open and the server puts some Tabs into sleep (energy saving settings), then no heartbeat will be made or?
My experience is that 30 seconds pr less is too short for heart beat interval and can lead to unexpected closing of the session ehen Browser tab sleeps. I recommend thus minimun one minute. Remember to set closeIdleSessions to true as well.
(Browsers throttle JS intervalls even down to 1 / minute nowadays)
Hi,
vaadin.closeIdleUIs is per default set to false?
Does that mean, das a closed UI is removed after session time out?
But would it not make sense to remove a UI directly once its not open anymore?
@Leif i think this topic relates good to our previous conversation. I have an admin view where i count e 200 sessions but only 101 active UIs.
Am i right, that those 99 sessions (without UI) are kept because closeIdleUIs or closeIdleSessions is per default false?
I dont have an idea why there a so much idle sessions with no UI. Because the users for example work in a view. Close the Tab and then some minutes later they come. In this case the session should be reused or?
Do you have any idea how to check where those sessions come from? But for from my POV those sessions with no UI, can be removed earlyer. They are unnecassary or?
Yes, This depends ofcourse what you want and what is the desired behavior. Say you have session time out of 30 mins, and you close browser tab, yes the UI is closed almost immediately as Vaadin will catch the beacon request from the browser (Safari, Chrome, Edge) and the session will be lingerign there until session timeout comes.
Naturally if your user reopens the app, the session is reused. And session timeout is reset.
There are very different kinds of apps. Some are open for whole office hours, some apps are used in very short sessions. I.e. user comes in, checks one thing, and then goes away. In that case it makes sense to make the session timeout short, say 5 mins or so. It may be also making sense to have closeIdleSessions=true, as then we are kicking the user out in 5 mins (we think he just forgot to close the tab).
The idea of the default settings is not that they would fit all scenarios.
Thank you. Its a mix of some users stay logged in and other come, stay 2 minutes and go.
I see a problem when users has “auto delete website data” activated in their browser. Then each time they close the browser and visit the app, a new session gets created. I dont know it closing a tab can also remove its cookies in some browser (?).
Currently i see that that i have for examle 180 Sessions, but only 80 has a active view. The others will be kicked after http.timeout right? Actuall i have only http.timeout set to 12 minutes closeIdleSessions is default (so false)
But is it really woth it to handle those sessions? Its not that big without an UI attached isnt it?