New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KEEP_SESSION_ALIVE set to false not respected #8238
Comments
yea probably the notification is keeping this up. |
yeah, I guess the solution is - if you have KEEP_SESSION_ALIVE set to false, only call the checkNotifications on page refresh. The problem is the whole notification API needs a user, which comes from the session |
Yea there are other solutions but they are not pretty :-p |
Hi, I don't think the proposed fix will work as there are other calls to the server in the page after the This is the fix we attempted in nav_sub_inc.jsp:
So the notification check is done when each page is first displayed, then not again until the user goes to another page (if KEEP_SESSION_ALIVE is false). This works fine in Chrome/Firefox, but we seem to have a separate issue with IE. (See 2. in my support ticket ah-15.) Even after the session should have expired, users continue to stay logged in in IE. After the session timeout period has passed and no check notification calls made in that time, if you go to a new page the JSESSIONID changes to a new one and the user still continues to stay logged in. Instead of the session expiring as with the other browsers, in IE it looks like it is continuing the same session just with a new JSESSIONID. Any ideas why? Thanks. |
…for-notifications-api-call-part-2 proposed fix #8238
PR: #8254 |
Reference: https://my.dotcms.com/ticket/dotcms-109/
We tried setting the KEEP_SESSION_ALIVE dotmarketing-config property to false. It looks like this was originaly intended to time the user out after 30 mins and redirect them to the login page. Our experience has been that whilst it does redirect them to the login page they then just get redirected straight back in.
If you have KEEP_SESSION_ALIVE set to true it does a keep alive call every 15 mins. I suspect the problem is that there is now a call to /api/notification/getNewNotificationsCount/ every 5 seconds so this is always keeping the session alive now regardless of the KEEP_SESSION_ALIVE property. So I think something needs to change there if you still want KEEP_SESSION_ALIVE to work following the addition of the notifications check.
The text was updated successfully, but these errors were encountered: