
User Sessions and Form Timeout

Introduction

Every user interacts with the SmartIQ platform via a session, in which a collection of metadata about the user is kept together with their in-progress forms. Losing a session potentially means losing unsaved work. A session comes to an end when the user triggers a logout or a timeout is reached, so that the resources held by the session can be freed for active users and the risk of an active session being compromised by a hacker is reduced. OWASP recommends keeping session lengths to a minimum; however, short session lengths can become frustrating to end users, and no session survives closing a browser or powering down a device or desktop PC. SmartIQ therefore offers a variety of automated and user-triggered save techniques that formally save an in-progress form and allow the user to resume it. Saved forms not only prevent data loss via timeout but also allow users to return and resume their form at a time that suits them, for example an hour or months later.

Session Timeouts

A session timeout occurs when a user has been idle for a nominated period, specifically when the user has not made a request to the server, for example by starting a new form or interacting with a question or page.

KeepAlive

If a user becomes distracted or navigates away from an in-progress form, a “pulse” known as a keepAlive request is sent at regular intervals to let the server know that the user might return to the form, which prevents the session from being terminated. Things to consider about the keepAlive request include:

  • The keepAlive interval is calculated as half of the lower of the Authentication Timeout or the Session Timeout, as set in the Produce ApplicationSettings file, which is configured by server administrators.
  • The keepAlive request applies only to in-progress forms; it does not apply to the home page or dashboards.
  • If the browser is closed or the device is powered down, keepAlive requests are no longer made.
  • A session is created and managed for a guest user in the same way as for a named user.
  • The keepAlive can be turned off.
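
The following added example (not SmartIQ code) models the points above to show when a session would end with and without the keepAlive. The field names and sample values are hypothetical, and it assumes the session is dropped once the lower of the two timeouts passes with no request reaching the server.

```javascript
// Added example: a model of the keepAlive behaviour, not SmartIQ code.
// Assumption: the session is dropped once the lower of the two timeouts
// passes with no request reaching the server. All times are in minutes.

// Pulse interval: half of the lower of the two configured timeouts.
function keepAliveInterval(authTimeoutMin, sessionTimeoutMin) {
  return Math.min(authTimeoutMin, sessionTimeoutMin) / 2;
}

// Minute at which the server would expire the session (Infinity = never).
function sessionExpiry(s) {
  const idleLimit = Math.min(s.authTimeoutMin, s.sessionTimeoutMin);
  // Pulses are sent only for an in-progress form with keepAlive turned on.
  const pulsing = s.keepAliveEnabled && s.formOpen;
  if (!pulsing) return s.lastUserRequestMin + idleLimit;
  // Form left open in a running browser: pulses keep arriving indefinitely.
  if (s.browserClosedAtMin === null) return Infinity;

  const interval = keepAliveInterval(s.authTimeoutMin, s.sessionTimeoutMin);
  // Number of pulses sent strictly before the browser was closed.
  const pulses = Math.ceil((s.browserClosedAtMin - s.formOpenedAtMin) / interval) - 1;
  const lastPulse = pulses >= 1 ? s.formOpenedAtMin + pulses * interval : -Infinity;
  // The idle clock restarts at the last request the server actually saw.
  return Math.max(s.lastUserRequestMin, lastPulse) + idleLimit;
}

// Constructed sample: form opened at minute 0, last user interaction at
// minute 5, browser closed at minute 47.
const sample = {
  authTimeoutMin: 20, sessionTimeoutMin: 60,
  formOpenedAtMin: 0, lastUserRequestMin: 5, browserClosedAtMin: 47,
  formOpen: true, keepAliveEnabled: true,
};

function scenarios() {
  return {
    intervalMin: keepAliveInterval(sample.authTimeoutMin, sample.sessionTimeoutMin),
    formWithKeepAlive: sessionExpiry(sample),
    keepAliveOff: sessionExpiry({ ...sample, keepAliveEnabled: false }),
    homePageOnly: sessionExpiry({ ...sample, formOpen: false }),
    browserNeverClosed: sessionExpiry({ ...sample, browserClosedAtMin: null }),
  };
}

console.log(scenarios());
```

In this model the session outlives the closed browser by up to the idle limit after the last pulse, and a form left open in a running browser keeps its session alive for as long as pulses continue.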

The keepalive pulse can be seen in network activity as depicted below:

Other Server Side Factors

Other server-side factors, such as server downtime or application pool recycling, can also cause session loss. These settings are managed by server administrators.