infinite sessions

Vaadin 6 / 7 / 8
1

Hi all, could anyone please tell me which parameters do I have to set in web.xml to set the session timeout to “infinite”?

Thanks very much for your help,
Marco

2 
<session-config>
    <session-timeout>-1</session-timeout>
</session-config>

…although that probably isn’t the best way to do it. You can use other techniques like Heartbeat (Vaadin 7) or polling (Vaadin 6: Refresher)…but there should be plenty threads on this forum about this topic.

3

Thanks Marius for your reply. Actually I was already using that parameter, but it doesn’t work, at least not for me.

This is what I do:

  • I open a Firefox tab and I enter the URL
  • I login to the application
  • I close the Firefox tab and open another one, with the application URL
    By doing so, I am presented the login window again.

Is it anything connected with using a different UI window?

Thanks a lot,
Marco

4

It seems to me that the session is still open if I access the application url through the same browser AND ALSO the same tab.
I probably found a way to circumvent my specific problem, and I’m testing it in the next days – but my question is: how can Vaadin distinguish between two different tabs opened in the same browser?

Thanks for your answers,
Marco

5

Isn’t that the expected behavior? Why would a browser “remember” session cookies when you close the tab that it was running in. If you open a tab and login, you should be able to open another tab and access the UI URL and it should render, and then you could close the first tab. But once no tabs are open, I’d expect the browser to not keep session cookies with that web site.

6

Hi David, thanks for your answer.
You are right, that was the intended behaviour, but it wasn’t what I got.

It turned out it was a problem on my UI initialization, so I modified that: now I store the AUser object into the VaadinSession, not in the single UI, and if AUser is not null on UI initialization then a default view is opened.

Thanks,
Marco

7

Well, I was wrong: this is exactly what the customer wants from me: to close the browser, come back a couple of days later and find the session open.

Is there a way to tell Vaadin not to close the session when the last UI is closed? I tried closeIdleSessions=false, but it seems not to do that.

Thanks a lot,
Marco

8

Not sure, but that’s an odd requirement, and would be a huge security issue for most applications.

What does your application do that they just cannot re-login later?

You could consider trying to keep whatever “interesting state” there is yourself so when they come back in you can restore it. We do something like that for open tabs within the Vaadin tabsheets, so when they come back we can re-open what they were last on. I’m not sure if there’s a hook so you can save a Vaadin UI (it is serializable, so perhaps it can be done) and then restore it yourself.

9

Nothing special. It’s just that customers are so lazy. :frowning:
I tried to explain all of the downsides of such a solution, but I was not lucky.

I solved the problem by setting persistent cookies which store username and password, and then automatically perform login by reading them back. I know it may be a security hole, and in fact it is disabled by default, but that’s what they absolutely wanted… :frowning:

Thanks a lot for your help though,
Marco