I have pages secured by a Security Provider Enforcer, but I’ve noticed that a session can expire (no longer technically logged in) but the page remains open and appears normal to the user. If they do a hard-refresh or similar action it will take them to the appropriate screen to sign in again. But, if they remain on the page and do things like update a form, then page acts as if it were performing the function, but since they are expired, the Server Action does not execute.
How is the best way to display a message on the screen when the session expires?
I have an App Connect to a query of ‘LoggedInUser’ which has the condition in Server Connect where the UserID = Security Identity so it returns the one record of the logged in user.
I then use the scheduler to re-load that Server Connect every 2 or 3 minutes and, if it returns unauthorised then it can do anything - I redirect to the homepage but you can do anything… an alert, a login modal, hide the data, etc.
Or, assuming your Server Connect uses the Security Enforcer, then just re-load that using the scheduler as that will return ‘unauthorised’ if they’re no longer logged in.
I never found that to be honest. I just added the on unauthorized to the same action that runs my manual logout action, so in essence it does the same thing as manually clicking the logout button. I never needed a scheduler.
yes, I found it out by accident because of an api that session expired after 3600 seconds. I was hoping that it could be adjusted so it could run a token refresh a minute before expiry, but it seems to run the instant the session expires.