Session Time-Out Alert
Overview
This functionality warns users when their sessions are about to time out. This is done by putting up a dialog box when the session comes close to a specified timeout window.
This work was originally specified in SAK-8152, and later rewritten in SAK-13987 which contains the current patches.
http://jira.sakaiproject.org/jira/browse/SAK-8152 http://jira.sakaiproject.org/jira/browse/SAK-13987
There is a ten minute video describing this proposal and functionality here:
http://sgithens.blip.tv/file/1211984/
Visually, the functionality proposed for Sakai 2.6 is what can be seen in the video and the screenshot below. Some HTML styling and layout of the dialog can change before the code freeze.
How it works
Sakai already has a property called inactiveInterval@org.sakaiproject.tool.api.SessionManager, which dictates the length of inactive time before the users session times out. Upon entering a page on the site, the portal javascript makes an http call to an endpoint to check the status of the session. If the remaining session time is less than the warning time (say 10 minutes), the warning dialog is shown to the user. If the remaining session time is greater than the warning time, the javascript sets a timeout to check again in the difference of the time (thus avoiding constantly pinging the server).
When your session expires, the page is redirected to the url indicated by the 'loggedOutUrl' sakai property.
Status and Implementation
The patches on SAK-13987 currently patch the portalscripts.js and the portal CSS. The CSS patch simply adds a few new styles for the dialog box. The portalscripts.js add the javascript handling code at the bottom. A jquery thickbox dialog is used to show the dialog.
The current SAK-13987 patch looks as follows:
Remaining work to be done
- Add and document a sakai.property
A sakai property needs to be added to indicate the warning time (eg. usually around 5 or 10 minutes on most systems). The absence of this property could also indicate that the feature is disabled.
- i18n and minor styling
Currently the HTML for the dialog is hardcoded in the javascript. We will most likely want to add a small velocity template for this dialog so it can be internationalized and styled.
- Some timer adjustment
Some work and testing will need to occur with the timing, and how often the countdown is updated in the dialog.
Edge cases
- Because this is part of the portal, if you are working in a page or tool in it's own window instead of in the portal, this dialog will not come up.
- In some SSO systems, if your SSO timeout is larger than your Sakai Servers timeout, you may just be logged back into Sakai when you are redirected to the login.
Examples of similar systems
US Direct Loans Page
The website for paying back US Direct Student Loans features a standard javascript confirmation dialog that your session is about to be timed out.
Wamu Online Banking Site
The Washington Mutual online banking site features a blocking HTML dialog warning you of your session timeout. It contains a link to continue your session, as well as a link to log you out. When your session expires, the background changes to black (rather than a transparent shade), and the message changes changes to indicate the timed out status.
Chase Credit Card site
This is more of a "what not to do" example. Though it can be helpful that this notification pops up no matter what tab the user is on, it's also a bit confusing as it doesn't state that the pop-up is talking about your Chase credit card site session. Additionally, you have to read the message carefully to understand what the buttons do so it's easier for a user to make a mistake. At first glance, it may seem like "OK" ends the session. Finally, "session" is a bit of a technical term, and a user may not understand the consequences of ending or maintaining their session.