Tuesday, April 19, 2011

ADF Faces and that annoying session timeout popup

OK, you've all seen this and it's really annoying.  When the ADF session is about to timeout you get the popup appearing 2 mins before.  Then, if you don't click on it, it gets replaced with the actual session timeout popup.

While I understand the need to tell the user that the session is about to timeout, there should be some way to control this behavior.  Yes, you do need to code to handle the session timeout but at least the user shouldn't be bothered by it and they should just be asked to re-login (if required) or not notice the session timed out if they are an anonymous user.

There is a way to stop the popup occurring documented at: http://download.oracle.com/docs/cd/E17904_01/web.1111/b31973.pdf (see section 8.2.5).  While the doc says:

"StateSaving: Set to the type of state saving you want to use for a page.
...

However, there may be a page for which you which you want the state saved differently. For example, when a user posts back to a login page after an extended period of time, you do not want the session time out error to be displayed. By changing the stateSaving attribute on the page to client, then when the user posts back to the login page, the time out error will not display."


That's not exactly true.  All you are dealing with here is the view state.  All the controller state and everything else is still expecting the session to exist on the server and you'll end up crashing if you rely on this alone.

The bottom line is that you can turn off the popup using web.xml settings (see below) but then need to manage the session expiry yourself. This can be done if you follow Frank Nimphius's post on Detecting and handling user session expiry.  His post has you going to a specific page but you can also redirect to any URL including the request URL and get the behavior you want.


sample entries:
  • web.xml
    •   Session Timeout for debug
      • <session-config>
            <session-timeout>1</session-timeout>
          </session-config>
      • This is for debug so it times out after one minute.  *Don't Leave This In There*!
    • Turn off the popup
      •   <context-param>
            <param-name>org.apache.myfaces.trinidad.CACHE_VIEW_ROOT</param-name>
            <param-value>false</param-value>
          </context-param>
          <context-param>
            <param-name>org.apache.myfaces.trinidad.USE_APPLICATION_VIEW_CACHE</param-name>
            <param-value>false</param-value>
          </context-param>
          <context-param>
            <param-name>org.apache.myfaces.trinidad.CLIENT_STATE_METHOD</param-name>
            <param-value>all</param-value>
          </context-param>
          <context-param>
            <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
            <param-value>client</param-value>
          </context-param>
      • The setting of STATE_SAVING_METHOD to "client" will cause the popup to stop appearing
    • Create a filter to handle what happens when the session times out
      •   <filter>
            <filter-name>ApplicationSessionExpiryFilter</filter-name>
            <filter-class>portal.ApplicationSessionExpiryFilter</filter-class>
            <init-param>
              <param-name>SessionTimeoutRedirect</param-name>
              <param-value>SessionHasExpired.jspx</param-value>
            </init-param>
          </filter>
          <filter-mapping>
            <filter-name>ApplicationSessionExpiryFilter</filter-name>
            <servlet-name>Faces Servlet</servlet-name>
          </filter-mapping>

3 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. Hello Spikey, Thanks for your helpful post. I am getting javascript popup 'A connection to server failed' across my website (Oracke Webcenter, Oracle HTTPServer)- on login button, on links within seconds of clicking. The popup come randomly - not always. I have already setup STATE_SAVING_METHOD as client and CLIENT_STATE_METHOD = token, CLIENT_STATE_MAX_TOKENS=15 and yet I get popup. Do you think I should add other parameters you have suggested CACHE_VIEW_ROOT & USE_APPLICATION_VIEW_CACHE to block the popup? Best regards, Ajay

    ReplyDelete
  3. hello, i have a problem, when open the ´page on a iframe then the alert shows every first time. how i can remove the alert ?

    ReplyDelete