Posted: 16 May 2018 4:03 EDT Last activity: 10 Jul 2018 9:35 EDT
Session timer is not getting reset upon Client side events, it is only working with any ajax calls/server side actions
I have implemented my session timer as per one of the suggested PDN post (Please find the attachment for the code I implemented).
This code is working fine with both SSO and Non SSO users but only in case of any ajax calls/server side actions. Like when the portal is loaded, the timer starts its countdown till the window period defined in the parameter and when it hits the window time we got a popup describing the session logout is going to happen in timeout time(you mentioned in parameter).
The timer is getting reset when we do any Server side action/ajax calls(opening a work object , refreshing sections etc.)
But if portal is loaded and we are just clicking/scrolling anywhere in the portal(Client side actions), the timer is not getting reset it is still throwing the popup when window time is reached.
As I think, ideally if a user is clicking/ scrolling anywhere in the portal(Client side actions) it should not be counted as ideal but the code is not working for this behaviour. Please suggest about this.
The session timer is working as designed. It doesn't reset on user actions like mouse move or scrolling. It only resets when client to server interactions occur like you have noticed. Has nothing to do with your customizations at all.
The session timer is used to hande server side session idle authentication timeouts, not user activity in the UI that doesn't cause client to server interactions.
For SSO client to server interaction has to occur to reset SSO idle timeout timer when using products like WebSEAL, Siteminder or Oracle SSO. These have components sitting before PRPC and have idle timeouts that are not related to user actions in a UI that don't cause client to server interaction. Traffic as to flow through these component to reset their internal idle timeouts.
If using our SAML or our LDAP implementation and the AuthService record is set to "Use Pega-RULES timeout" a client server interaction is needed to reset the PRPC authentication idle timeout at the requestor level.