Here is the thing : my webapp has loads of popups and my boss wants 'em closed on session expiry, coz when session expires and an user presses refresh on a popup, he is being shown the logon page -> user logs on -> user is directed to the dashboard. Now, a dashboard screen in a popup is totally uncool. Here is where google got me:
Have javascript to close popup onload. Generate this onload script into the response if session has expired (checking session expiry from jsp and including onload script conditionally).
Do you think this is a good way to it? What is the best practice for this scenario?
P.S: I am not allowed to use AJAX
In a past life, I made a popup manager object that maintained what windows were open. You should probably make one of these if not already done. Then, you can use setTimeout to call a function after so many minutes (or whatever time you want) have gone by. This will check for recent activity (probably via AJAX) and close the popup if you determine that the session has expired. If not, call setTimeout again with your new time, properly adjusted for most recent activity.
^^before the AJAX edit.
Well, since you can't use AJAX, can you put something in the url that will tell you it's a popup? Then you'll know not to show the login screen when the user hits reload.
The best way would be an XMLHTTP request to check login and close them if required - do this periodically.
Astute readers (meaning everyone) will notice that this is an AJAX request, but if you phrase it that way it might get accepted as whoever dictated that you 'aren't allowed to use AJAX' is clearly an idiot.
An alternative way to implement modal dialogs in a web application is to:
Model the dialog in a DIV, default styled to display: none;
On desired action, inject/append the Modal dialog DIV into the page source
Reset the CSS display so the modal dialog DIV is visible, overlaid on top of the page by setting the CSS z-index property
Make the modal dialog disappear upon either successful execution or the user cancelling out
Because the modal dialog is part of the page source, the dialog will disappear when the session times out. This approach doesn't spawn supporting windows that can be orphaned as the poster is attempting to address. And it fits the requirement of not using AJAX.
You can code these by hand, but I don't really recommend it because of having to support various browser. I suggest looking at the Yahoo User Interface. You can tailor it to suit your needs (IE: only modal dialogs), and it would support AJAX if requirements change down the road.
Beware of spawning modal dialogs from modal dialogs.
If your boss is asking you to achieve this, without using AJAX, then you're in trouble. He should understand that the only connection a browser has to the server (without refreshing the page) is javascript (what he understands to be ajax).
The best way to do this is to setup a script on the pages to ask the server if the user is still logged in every 30 seconds or so.
setInterval(function(){
$.get("loggedin.php", function(result) {
if (!result.isLoggedIn)
window.close();
});
}, 30000);
This script assumes you're using the jQuery framework for rapid development of javascript solutions. This also uses JSON (Javascript Object-notation) to test a return-value from the loggedin.php file.
Bottom line, you need to use AJAX. Tell your boss there is no other way. If he still doesn't get it, ask him to balance his checkbook without using math.
In theory, you could avoid AJAX by using a hidden flash widget...
But more practically, AJAX is the 'right' solution, and I think you will have to talk to your boss, determine where this 'no AJAX' rule came from, and convince him that AJAX is the best way to solve this problem.
Does he think AJAX would be take too much time to implement? If so, you should prove him wrong. Does he think it will be hard to maintain? If so, show how simple the code to do this will be, and how widely used the common AJAX libraries are. If your boss is reasonable, then his goal is to what is best for the product, and you should be able to reason with him.
Related
I am developing a spring MVC application. I ran into some interesting case.
To make it easier to explain i am taking the stackover flow buttons on the top as example( i mean those questions, tags, users, badges, unanswered buttons).
Now in my app i have similar buttons. when user clicks on any button it makes ajax call by passing proper arguments. Server makes sql queries and returns the results back.
Now assume that there is a crazy user like me who keeps on clicking those buttons without break. So each click is making a ajax call. And which ever completes its operation is showing up on front end. So even if the user clicks Tags button in the last it may show up and again the previous click on questions which took long time to return to front end can overwrite the page. How can i fix that? ( i want the tags data to be shown as it is the users last click)
In the first place i know that when user first clicks on question and then on tag i no longer need to query sql for questions button. Is there some way for me to stop processing the sql query for questions button.
Thanks
The best way to handle this is through the user interface - if the user takes some action (clicking an image) that will require significant processing on the backend, your UI should prevent other actions on the page from sending further messages to the backend until the original request is complete.
Ways to tackle this visually would be to disable/gray out other elements, make it obvious that some work is going on (with spinners, progress bars), etc.
On the server side, since each HTTP request is independent it would be cumbersome and difficult to add logic on the server to be able to detect if the user making this current request has another ongoing request currently being processed.
You probably need to take help of cookies. When the first time the action is done, write some cookie. Every time, check that cookie before you process.
You cannot simply disable a link or button from the UI and hope the user cannot do it. It can always be done in multiple ways. Additional checking is must.
(I haven't read your post completely. But from what I understand from the 1st answer...)
I had a similar problem, and I tackled it this way.
I did hand-coded ajax calls (as opposed to jQuery etc.)
I had a single global XMLHTTPRequest.
var xhr = new XMLHTTPRequest();
When the user clicked something, which needed an ajax call, I aborted the previous call, if already running.
if( xhr.readystate !=0 || xhr.readystate !=4 )
xhr.abort();
Then create a new instance of XHR, and do your business.
xhr = new XMLHTTPRequest();
xhr.open("GET", myUrl, true);
//attach callback function etc and do the send
If user refresh the page continuously using F5 functional key then the page loading is very slow and can be seen blank page for long time.
How to solve this problem?
I tried using cache on server side but I don't think that I am using it in proper way.
Can somebody help me with an example.
I think you need to use browser cache, which can be controlled by http headers, or meta tags.
http://www.mnot.net/cache_docs/
You need to set page cache to be around 5 seconds or some similar value so that no new request will be sent to server in that time interval.
A few things:
You could try to minimize processing time within your application, maybe by minimizing wasteful operations. Sounds like your application spends a lot of time recreating the output.
You could try to add some sort of caching on the server side, and and send the user the same page (ie no "new" processing) for some time. Depending on the mechanism, this may not be feasible though (https, security?). At least, afaik.
Of course you could change the way the site works. You could use Ajax to push information to the site the user is on, and so take the urge to refresh away from him.
And maybe your server just does not have enough power to serve a lot of users at the same time?
It is very difficult to stop user from pressing F5.
Try making your code more optimized.
Use meta tags for cache like:
cache-control
EXPIRES
PRAGMA NO-CACHE
Also check this for JSP caching.
response.setIntHeader("Refresh",5);
just use this jsp method for autorefreeshing of ur webpage...
http://www.tutorialspoint.com/jsp/jsp_auto_refresh.htm
Can anyone please explain how can we make a page expire when click on back button?
If we put response header as noCache does this work?
I have seen many online banking sites where session gets expired when trying to refresh a page or when trying to perform another action before getting the response for previous action or use back button. How this can be achieved in easiest way?
Thanks
If each action on the page is POST with hidden random-generated field, you can catch the situation where same POST is done twice (with GET you can try the same trick). You can then match the situation, where
User refreshes page
User click 'back' button
User works in 2 browser tabs/windows
Generally speaking, you can match any out-of-order user interaction, and session expiration can be one of the possible actions. From my observations, some bank system use such system, to prevent out-of-order user interactions.
A good design solution when a form is submitted, what should be the behavior of "back" and then "forward" browser button.
Similar question is what should happen when a user logout an application the then click "forward" browser button?
I will be glad to hear some scenarios for the mentioned situations.
Thanks.
Edit - should be good to share and my point of view :-)
My personal opinion is after logout the user should be not able to enter the application without go through the login page.
For the submit scenario - after submitted and back browser button , the user should be able to return to the form but with NO containing data.
One common pattern is Post/Redirect/Get. Under that pattern, the result of the post is a bookmarkable (and back/forward navigable) page. The Back button has one of it usual meanings of "I didn't mean to go here, take me back where I was" like hitting ESC in most Windows dialogs, and the Forward button means "I didn't mean to hit the back button, I wanted that page after all." This pattern isn't going to work for everyone; it makes the most sense when each page (including the response to a form submit) represents some conceptual entity that you'd want to bookmark.
As for the logout scenario, most apps check whether you're logged in no matter what page is specified in the URL, and redirect to the login form if you're not logged in. (You don't have to code that on every page; the check is usually a Valve or something.) A nice feature is to remember where the user was trying to go and take them there upon sucessful login.
Your question is more about design than technology, so GWT doesn't really change the picture, except to note that the GWT history mechanism is intended to mimic the behavior of static pages connected by links, which the post/redirect/get pattern does also.
It is very common to use state machines to keep the user(session) and request state. If you have such a state machine then you know that user is trying a wrong transition. Depending on the user state and the wrong transition you can forward the user to a page. For example if the user tries to go to a page which needs to be logged in but she/he has already logged out, you can send her/him to a login page but you can provide user name and only ask for the password.
To add this functionality you can write your own code by hard-coding the state machine in your code or you can use one of the available libraries. For example,
Spring Web Flow provides this functionality for Spring framework.
I have used a timer in my webpage implemented in JavaScript. but what if JavaScript is disabled? Will it remove the time constraint from the webpage? If that may be the case what should I do?
It depends on what you are trying to do, but you can use a meta refresh tag to redirect the user to another page (or the same page) after a given time interval.
This will potentially be horribly disruptive to the user experience.