Alpha Video Training
Results 1 to 5 of 5

Thread: Login Expiration Policy = Defined time after initial login

  1. #1
    Member
    Real Name
    Jane
    Join Date
    Mar 2015
    Posts
    149

    Default Login Expiration Policy = Defined time after initial login

    Hi There,

    Thank you for taking the time to look. Much appreciated.

    We want a person to be able to stay logged into the system for 12 hours.

    I've tried to google what is required for this but haven't had success in finding clarity.

    Can you help with these questions?
    1. To set login expiration policy = defined time after initial login, do we need to stop using sessions to store user info and start using cookies?
    eg. when a user is logged in, we store around 7 session variables to know the user, company and other bits and bobs.
    Would this have to be changed to the use of cookies instead of sessions.
    Same with the session_check.a5w page, it looks for session variables. Do we need to change that to the use of cookies?

    2. We bought the saas framework to help shortcut coding. Part of that came with a session_check.a5w page that does this:
    <%A5

    'Get the SaaS Options
    Dim sfOpts as c = ""
    dim sfArr as p
    sfOpts = session.saasOptions
    sfArr = json_parse(sfOpts)

    dim regError as c = sfArr._registerError_LP
    dim regSuccess as c = sfArr._registerSuccess_LP

    if session.expired = "Yes" then
    response.redirect(sfArr._freeTrialEnded_LP)
    else if session.expired = "Issue" then
    response.redirect(sfArr._issue_LP)
    end if
    %>


    ....is this page redundant because I thought the alpha framework automatically detected if a persons login session was current?!?!

    Thank you

    Jane

  2. #2
    Volunteer Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,842

    Default Re: Login Expiration Policy = Defined time after initial login

    Just set the Application Server's "Lifetime" to 12 hours (in minutes, so a value of 720). You set this right on the Alpha Application server under "config" on the Advanced tab. Everything else in your description is unnecessary. The special code for the SaaS Fw looks like it is specific to their trial period. It would not be necessary to use that or any other special code to do what you want.
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  3. #3
    Member
    Real Name
    Jane
    Join Date
    Mar 2015
    Posts
    149

    Default Re: Login Expiration Policy = Defined time after initial login

    Great. Thank you Steve for your time. Much appreciated.

    Do you mind if I ask a few more questions.

    1. By "just set the application server's Lifetime to 12 hours" - is that similar to what I described as the login expiration policy, or is this different again?
    2. If it is the login expiration policy: In the login_check.a5w page, a number of session variables are set such as customerid for the components and pages to know what and where to display. Would using session variables have to change because they would expire or does alpha automatically somehow refresh them when the expiration policy starts using cookies?
    3. Where/How can I understand the session.expired to know where it's set and how? This would help me to be more flexible with the frame in the future.
    4. I've googled the framework and found generic overviews on setting up the security framework in alpha, but haven't found specifics. Do you know of any vids or guided references I can view in detail? Or could you recommend some good reasonably-priced paid resources?

    Thanks.

    Cheers

    Jane

  4. #4
    Volunteer Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,842

    Default Re: Login Expiration Policy = Defined time after initial login

    Login timeout is separate from session timeout, although I think of them as the same because in the Security Config I nearly always configure the first option on the Login Options tab to "Expire [login] when the session expires]. So unless they manually log out, my users are stay logged in until the session expires. Really, you want to ensure that login either expires with session, or (for some special purpose) that login expires before session, but never after. That is because that logged in user probably needs those session vars to still be valid as long as they are logged in.

    So you have to tailor session/login expiration to your application needs. An online app where the users are in their homes or coffee shops, and the information is not that vital, or there is one user in a secure location, you can push session expiration out for many hours or even days. You can even make it weeks or years but your server starts to pay a price if you have a lot of users, or even lots of spider/search engine hits, because every open session consumes memory -- and a session is created just by hitting the website, regardless of login status. Unless you have a reason to keep them logged in, I typically want the session to expire reasonably quick if the browser is idle. I normally go for one hour.

    So looking back at your original post, set the session timeout to 12 hours and the Login Expiration Policy to "Expires when current session expires".

    As described above, in my typical applications all required session var are set upon login (and a few before), and the user is logged out when session expires. So in that scenario, the user is never missing any session vars. If I had a situation where session could expire before login expires, I would still never be without required session vars because I would check to see if they exist with every page refresh, and re-set them if needed. But I really never end up in that situation the way I do it. If you did, you can do that using cookies as you described, or pull those values from my database instead if you have some key to go on.

    You mentioned "session.expired" but I do not know what that means.

    Those are the basics, there are additional things you can do in various components like the TabbedUI and the UX.

    Be more specific on what you wan to know about Security Framework.
    Last edited by Steve Wood; 05-24-2015 at 11:44 PM. Reason: used "their", s/b "there"; details.
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  5. #5
    Member
    Real Name
    Jane
    Join Date
    Mar 2015
    Posts
    149

    Default Re: Login Expiration Policy = Defined time after initial login

    Thanks Steve. That answers my question perfectly.
    Much appreciated for your time. Cheers.

Similar Threads

  1. Auto-login feature for desktop browser login
    By Steve Wood in forum Code Archive
    Replies: 0
    Last Post: 10-31-2014, 03:12 AM
  2. Can you set initial focus on login component?
    By -Jinx- in forum Application Server Version 11 - Web/Browser Applications
    Replies: 4
    Last Post: 12-13-2012, 02:22 PM
  3. Last Login Date/time
    By swest in forum Application Server Version 11 - Web/Browser Applications
    Replies: 16
    Last Post: 06-13-2012, 05:12 PM
  4. Login expiration policy - "Expires when user closes browser"
    By Editor in forum Application Server Version 10 - Web/Browser Applications
    Replies: 2
    Last Post: 11-20-2009, 12:08 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •