automatic session timeout iphone

Question

I am developing an Iphone app for which I need to perform the automatic logout in the background itself, i.e after the Home Button for Iphone is pressed.

I have tried the following code for session timeout which works well for desktop. but this solution doesn't work in the background for Iphone as I have to wait complete 10 seconds to get redirected to the desired page.

<html>
<head>
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://code.jquery.com/jquery-migrate-1.2.1.min.js"></script>
<script>
$(document).ready(function(){
    var wintimeout;
    function SetWinTimeout() {
         wintimeout = window.setTimeout("window.location.href='try.html';",10000); //after 5 mins i.e. 5 * 60 * 1000
    }
    $('body').click(function() {
        window.clearTimeout(wintimeout); //when user clicks remove timeout and reset it
        SetWinTimeout();
    });
    SetWinTimeout();
});
</script>
</head>
<body>
<a href = "try.html"> try link </a>
Hey there.. is this working fine?
</body>
</html>

Can someone give the solution for this?

Also the session timeout interval in the above code is not getting resetted on the Iphone as I am being redirected to the desired page even if I am tapping the screen. How can I solve this issue?

Answer 1

iPhone Sdk hangs all task after 5 sec when it enters in background. It will support background task if app supports multitasking like audio play location update. One solution i can give you that save the time when you enter into background as well as save the time when you come to foreground. If it calculates more than the time to log out then hit the service you want for that.

Answer 2

Maybe something like this?

<html>
<head>
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://code.jquery.com/jquery-migrate-1.2.1.min.js"></script>
<script>
$(document).ready(function(){
    document.lastActivity = new Date().getTime();
    document.threshold = 20000; // some value
    // and set an interval to keep an eye on last activity
    var interval = setInterval(/* something here */);
    $('body').on('click keydown', function() {
        document.lastActivity = new Date().getTime(); // keep resetting this
    });
}).on('focus', function () {
    var timeSince = new Date().getTime() - document.lastActivity;
    if (timeSince > document.threshold) {/* do stuff here */}
});
</script>
</head>
<body>
<a href = "try.html"> try link </a>
Hey there.. is this working fine?
</body>
</html>

The idea is to compute the time elapsed since the last activity. iOS devices pause JS when the browser is in the background, and for good reason, in my opinion.

Answer 3

How about something like this... NOTE: I have a couple of MVC Razor snippets that could be switched out with anything else. I haven't tested this but it's a good start. Non Safari iOS browsers will ignore the pageshow/pagehide event handlers so this is NOT a complete solution for mobile devices. Please feel free to improve upon this for broader cross browser functionality. Also, this solution requires the use of the JQuery cookie plugin: https://github.com/carhartl/jquery-cookie

///////// Client-Side Code

    //Safari iOS example that could be further developed to handle other mobile browsers
    var sessTimeCutOffInMs = 600000;   //600000 ms equals 10 minutes

    //Safari iOS event handler for resume tab and/or focus from sleep mode
    window.addEventListener("pageshow", function(e){            
        var timeIn = getTime();
        var timeOut = $.cookie('timeOut');
        if(timeOut != null) {
            //Let us compare
            compareTimes(timeIn,timeOut);
        }
    }, false);

    //Safari iOS event handler when creating new tab/app switching and/or putting into sleep mode
    window.addEventListener("pagehide", function(e){
        var timeOut = getTime();
        $.cookie('timeOut', timeOut, { path: '/' });

    }, false);  


    function getTime() {
        @{
        //MVC Razor syntax
         //formatted as milliseconds since 01.01.1970
         var _serverTime = DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1)).TotalMilliseconds.ToString("F0");
        }
        var serverTime = @_serverTime;
        return serverTime;
        //return (new Date()).getTime();            
    }   

    function compareTimes(timeIn,timeOut) {
        var diff = timeIn - timeOut;
        //If the mobile page was asleep for 10 minutes or more, force iOS user to logout
        //Especially useful for when forms auth is set to slidingExpiration=true
        if(diff >= sessTimeCutOffInMs) {
            //Redirect to logout routine
            //MVC Razor code shown below for redirecting to my Home Controller/Action
            simpleReset('@(Html.ResolveUrl("~/Home/SignOut"))');
        }
    }       

    function simpleReset(url) {
        window.location.href = url;
    }

///////////// MVC 4 HomeController.cs code fragment for SignOut() Action

    [AllowAnonymous]
    public ActionResult SignOut()
    {            
        try
        {
            ViewBag.Message = "You are signed out.";

            //DELETE SSO Cookie 
            HttpCookie ssoCookie = new HttpCookie("SMSESSION", "NO");
            ssoCookie.Expires = DateTime.Now.AddYears(-1);                            
            ssoCookie.Domain = ".myDomain.com";      //IMPORTANT:  you must supply the domain here
            Response.Cookies.Add(ssoCookie);

            //Look for an existing authorization cookie and kill it
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            authCookie.Value = null;
            authCookie = null;
            Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

            // clear authentication cookie
            //Overriding the existing FormsAuthentication cookie with a new empty cookie ensures 
            //that even if the client winds back their system clock, they will still not be able 
            //to retrieve any user data from the cookie

            HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
            cookie1.Path = FormsAuthentication.FormsCookiePath;
            cookie1.Expires = DateTime.Now.AddYears(-1);
            cookie1.HttpOnly = true;
            Response.Cookies.Add(cookie1);

            // clear session cookie
            HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
            cookie2.Expires = DateTime.Now.AddYears(-1);
            Response.Cookies.Add(cookie2);

            //Explicitly destroy roles object and session
            SimpleSessionHandler.myRoles = null;
            Session.Clear();
            Session.Abandon();

            // Invalidate the Cache on the Client Side
            Response.Cache.SetCacheability(HttpCacheability.NoCache);
            Response.Cache.SetNoStore();

            FormsAuthentication.SignOut();
        }
        catch (Exception ex) {
            //Swallow it
            Log.LogError("AUTH COOKIE ERROR: " + ex.Message, ex);
        }

        //The loginUrl on IWH is actually a LOGOUT page for the SSO cookie
        return Redirect(FormsAuthentication.LoginUrl);

    }