uMobile Native Session Management

Requirements

uMobile performs manual session timeout tracking to ensure that an active session is always available.  This logic is designed to prevent the following scenario:

  1. User opens the uMobile app, establishing an authenticated session
  2. uMobile app renders a set of icons based on that user's authenticated layout
  3. User doesn't leave the app, but sets the phone down for some period of time longer than the uMobile server's default timeout
  4. User picks the phone back up and attempts to interact with one of the modules
  5. Because the user no longer has an authenticated session, uPortal automatically initializes a new guest session
  6. Module returns a permissions (or missing content) error because the module isn't in the guest layout, or displays a different (non-customized) data set for the module

To prevent the above, the uMobile native app tracks the last-accessed time of the session on each request that would touch the server session (establishing the session, interacting with a portlet, etc.).  Each time the app attempts to access a remote portal resource, the native app first checks the last-accessed timestamp.  If the last access was long enough ago that the session is likely expired, the app establishes a new session before executing the request.

Implementation

Session Tracking Plugin

To support uMobile's session management requirements, the project has developed a custom SessionTracking plugin using the PhoneGap plugin API.  This plugin provides two methods to the front-end implementation:

  • get: returns the last-accessed timestamp for the current session
  • set: sets the last-accessed timestamp for the current session to the system's current time, then returns that value

Each time index.html is loaded, uMobile uses the SessionTracking plugin to retrieve the last-accessed timestamp and compares it against the current time and configured session length.  If the session is believed to be expired, uMobile runs the configured authentication logic to establish a new session.  The SessionTracking plugin is used to update the last-accessed timestamp each time a session is established.

The backend code associated with the SessionTracking plugin keeps an application-wide variable representing the last session access time.  In Java, this is implemented as a static Long so that it may be accessed across the codebase.  Each time a URL is loaded, uMobile compares the URL with the base portal path.  If this URL is a portal URL, we assume that it requires and exercises a uPortal session.  The code compares the current session access timestamp to the expected session length and current time to determine whether a current session already exists.  If one does, the session access timestamp is updated to the current time.  If no session exists, the code aborts the current request and reloads the index.html document in the main window.  This will cause the app to re-authenticate to the portal.  Some module state may be lost in the process.
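
The check described above, modeled in JavaScript as an added example (this is not uMobile's own code). The function names, the portal base URL and the 30-minute session length are assumptions; the URL is compared by parsed origin and path rather than by string prefix, so a look-alike host is not treated as a portal URL and cannot refresh the timestamp.

```javascript
// Added example: createSessionTracker, isPortalUrl and onLoadResource are hypothetical names.
function createSessionTracker(now = Date.now) {
  let lastAccess = null;              // app-wide last-accessed timestamp (ms)
  return {
    get: () => lastAccess,            // last-accessed timestamp, or null if none
    set: () => (lastAccess = now()),  // stamp with the current time and return it
  };
}

// True when url is on the portal origin and under the portal base path.
// Parsed comparison avoids false matches that a plain prefix test would allow.
function isPortalUrl(url, portalBase) {
  let u, base;
  try { u = new URL(url); base = new URL(portalBase); } catch (e) { return false; }
  const basePath = base.pathname.replace(/\/+$/, "");
  return u.origin === base.origin &&
    (u.pathname === basePath || u.pathname.startsWith(basePath + "/"));
}

// Decide what to do with a resource load:
//   "passthrough"    - not a portal URL, session timestamp untouched
//   "proceed"        - session believed live, timestamp refreshed
//   "reauthenticate" - session believed expired, caller aborts and reloads index.html
function onLoadResource(url, tracker, cfg, now = Date.now) {
  if (!isPortalUrl(url, cfg.portalBase)) return "passthrough";
  const last = tracker.get();
  const expired = last === null || now() - last >= cfg.sessionLengthMs;
  if (expired) return "reauthenticate";
  tracker.set();
  return "proceed";
}

// Constructed walk-through with a fake clock (all values are sample data).
function demo() {
  let t = 0;
  const clock = () => t;
  const cfg = { portalBase: "https://portal.example.edu/uPortal", sessionLengthMs: 30 * 60 * 1000 };
  const tracker = createSessionTracker(clock);
  const out = [];
  const step = (url) => out.push(onLoadResource(url, tracker, cfg, clock));
  step(cfg.portalBase + "/p/news");                               // no session yet
  tracker.set();                                                  // index.html authenticated
  t += 10 * 60 * 1000; step(cfg.portalBase + "/p/news");          // active 10 minutes later
  t += 45 * 60 * 1000; step(cfg.portalBase + "/p/news");          // phone set down 45 minutes
  step("https://portal.example.edu.example.net/uPortal/p/news");  // look-alike host
  return out;
}

console.log(demo());
```

Because the timestamp is only the client's estimate of server state, the configured session length should not exceed the server's actual timeout.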

Android

In Android, we can intercept web requests by extending CordovaWebViewClient and overriding the onLoadResource method.  In this case, we insert our session-tracking check, and if we need to reload index.html, we call ctx.loadUrl, bypassing the default WebView behavior.  Ideally we might pass a parameter to index.html indicating that a particular module should be loaded instead of the home screen. This method can also be used to implement the service URL handling logic described elsewhere.

iOS

// TODO

Web

To allow demoing and skin development without a mobile app emulator, the uMobile native app project offers an HTML5-based test implementation of the SessionTracker.