Short version: How are sessions intended to be handled in a substantial web application?
Long version:
I’m new to web development, so I’m unfamiliar with some of the tools and terminology. I’ve been using Vaadin to prototype GUI applications and write little one-off demos at my office. I enjoy working in Vaadin, and I’d like to expand to using it for more applications of more substance and in production code. But every time I see that red “Session Expired” message pop up, I feel forced to re-think that idea.
Expiring sessions seems appropriate for applications that require a log-in to access sensitive information, but otherwise they are just an unpleasant experience for the end-user. I am troubled, though, because all the Vaadin demos I’ve seen include noisy session expiration alerts. For example, the
Vaadin Sampler
is handy when I’m doing development and want to see a widget in action. But I leave the window open while I write some code and when I return I have to have to go through the disruption of refreshing the whole page and then navigating back to where I’d been.
What I want is for end-users to never be affected by session expiration. It would be acceptable if sessions expired and re-initialized transparently; for example, if a user could click a widget in an expired session window and have it re-initialize the application, restore their previous session state, and then register the widget-click.
Is this possible, or am I just misunderstanding what Vaadin is useful for?
I am aware of the
SmartSessions
and
Session Guard
add-ons, but I’m concerned that if I need an add-on for what seems like a fundamental capability then I’m probably misusing the tool. (But maybe I’m wrong and I should treat this as just a weird oversight in development?)
I’ve seen other posts on this forum that appear to mirror my confusion, so perhaps this is something that could be added to the documentation.