1

I want cookie to expire when session of user expires. It can be pure in javascript, XPages-SSJS.

Prabhakar
  • 402
  • 6
  • 20

3 Answers3

1

On each page load set the cookie to expire on the current time + the length of the session.

For example, if your session is 1 hour long, add this on page load:

var time = new Date().getTime(); // get the current time 
time += 3600 * 1000; // add 1 hour to the current time
document.cookie = 'cookiedata=' + cookiedata + '; expires=' + time.toGMTString() + ';';

In this example, cookiedata is whatever you are storing in the cookie.

Jimmery
  • 9,783
  • 25
  • 83
  • 157
  • Okay..but I want no hardcoded values..expiration time should be session timeout defined at server level. Thanks – Prabhakar Sep 10 '13 at 11:11
  • 1
    Cookies are set on the client, and you can only transmit server level information to the client when the client requests new pages. Unless of course you use AJAX or PUSH to continually communicate between the server and client to check if the session has ended (which is extremely inefficient way of solving this problem). Unfortunately, due to the way that HTTP traffic works, hard coding in values is your best approach to this problem. – Jimmery Sep 10 '13 at 11:17
  • Ok..Thanks. I was wondering is there any possible way to use session ID while setting cookie so that cookie is session specific(not when user closes browser but when session expires). I am not sure about this whether it will work and how to do it. – Prabhakar Sep 10 '13 at 11:22
  • @Jimmery: You can add a cookie from server with the HTTP header *Set-Cookie*. Please check http://www.ietf.org/rfc/rfc2109.txt. – Sven Hasselbach Sep 10 '13 at 11:24
  • 2
    @Prabhakar Ive given you a breif overview of how the user and server communicate to each other in your other question: http://stackoverflow.com/a/18717815/1037617 – Jimmery Sep 10 '13 at 11:34
  • @SvenHasselbach I am aware of this, its an alternate method of achieving what I demonstrated with javascript. However this doesn't change the fact that the server cannot communicate with the end user if the user doesn't make any requests. – Jimmery Sep 10 '13 at 11:36
  • 1
    Examine the source of the Keep Alive component from the Extension Library. Since the intent of that component is essentially the *opposite* of what you're attempting (ping the server right before the session would otherwise expire), that may give you a clue as to how to determine when the cookie should be cleared. – Tim Tripcony Sep 10 '13 at 12:00
0

The code on this XSnippet can be used behind a Logout button. This will clear the sessionScope variables for an 8.5.x server, but will not for a 9.0 server: http://openntf.org/XSnippets.nsf/snippet.xsp?id=clear-session-whole-server

If you want to clear the sessionScope map on R9, you'll need to get a handle on the map, iterate the keys and clear them, as in this XSnippet: http://openntf.org/XSnippets.nsf/snippet.xsp?id=clear-session-current-nsf

Paul Stephen Withers
  • 15,699
  • 1
  • 15
  • 33
0

Here is an example how to modify the expiration date of the session cookie from server side:

<?xml version="1.0" encoding="UTF-8"?>
<xp:view xmlns:xp="http://www.ibm.com/xsp/core">

<xp:this.beforeRenderResponse>
    <![CDATA[#{javascript:var sessionId = facesContext.getExternalContext().getRequest().getSession().getId();
    var response = facesContext.getExternalContext().getResponse();
    var maxAge = facesContext.getApplication().getApplicationProperty("xsp.session.timeout", "30");
    var maxAge = maxAge * 60;
    response.addHeader("Set-Cookie","SessionID=" + sessionId + "; path=/;  max-age=" + maxAge)}]]>
</xp:this.beforeRenderResponse>

</xp:view>

But keep in mind that setting an expiration of a cookie will have some side-effects, f.e. if you are closing the browser the cookie will not be removed automatically. Because the cookie is is valid for the whole server (path=/), this can affect other applications running on the same path too.

Sven Hasselbach
  • 10,455
  • 1
  • 18
  • 26