Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Requirements

uMobile performs manual session timeout tracking to ensure that an active session is always available.  This logic is designed to prevent the following scenario:

  1. User opens the uMobile app, establishing an authenticated session
  2. uMobile app renders a set of icons based on that user's authenticated layout
  3. User doesn't leave the app, but sets the phone down for some period of time longer than the uMobile server's default timeout
  4. User picks the phone back up and attempts to interact with one of the modules
  5. Because the user no longer has an authenticated session, uPortal automatically initializes a new guest session
  6. Module returns a permissions (or missing content) error because the module isn't in the guest layout, or displays a different (non-customized) data set for the module

To prevent the above, the uMobile's native app tracks the last-accessed time of the session on each request that would touch the server session (establishing the session, interacting with a portlet, etc.).  Each time the app attempts to access a remote portal resource, the native app first checks the last-accessed timestamp.  If the last access was long enough ago that the session is likely expired, the app establishes a new session before executing the request.

Implementation

Session Tracking Plugin

To support uMobile's session management requirements, the project has developed a custom SessionTracking plugin using the PhoneGap plugin API.  This plugin provides two methods:

  • get: returns the last-accessed timestamp for the current session
  • set: sets the last-accessed timestamp for the current session to the system's current time, then returns that value

The backend code associated with the SessionTracking plugin keeps an application-wide variable representing the last session access time.  In Java, this is implemented as a static Long so that it may be accessed across the codebase.  

Front-End Session Tracking

Each time index.html is loaded, uMobile uses the SessionTracking plugin to retrieve the last-accessed timestamp and compares it against the current time and configured session length.  If the session is believed to be expired, uMobile runs the configured authentication logic to establish a new session.  The SessionTracking plugin is used to update the last-accessed timestamp each time a session is established.

Back-End Session Tracking

Each time a URL is loaded, uMobile compares the URL with the base portal path.  If this URL is a portal URL, we assume that it requires and exercises a uPortal session.  The code compares the current session access timestamp to the expected session length and current time to determine whether a current session already exists.  If one does, the session access timestamp is updated to the current time.

If no session exists, the code aborts the current request and reloads the index.html document in the main window.  This will cause the app to re-authenticate to the portal.  Some module state may be lost in the process.

Android

On Android, it appears that we can implement custom URL handling by extending CordovaWebViewClient.  We specifically override the onLoadResource method to check each URL against a list of regexes.  When we need to handle one specially, we can call ctx.loadUrl with some alternate local file URL, bypassing the normal WebView behavior.  The most practical URL to load is likely simply the main index.html file, perhaps passing in parameters to indicate that the session must be reloaded, or that the view should be initialized to a particular local module.

iOS

 

  • No labels