cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ThingWorx Navigate is now Windchill Navigate Learn More

Translate the entire conversation x

Session Timeout Warning Dialog

pshashipreetham
18-Opal
18-Opal
‎Aug 06, 2025 04:21 PM
‎Aug 06, 2025 04:21 PM

Session Timeout Warning Dialog

Hi All, 

 

I’m working on a ThingWorx application where users stay on the dashboard for extended periods. I want to implement a session idle timeout warning – similar to how most enterprise web apps display a popup like:

“You've been idle for 20 minutes. Do you want to continue your session?”


If the user doesn't respond within the countdown period, the session should expire or redirect to a logout page.

Has anyone implemented this kind of “Are you still there?” modal in a ThingWorx Mashup?

Thanks,

Shashi Preetham,
Email: psp316r@outlook.com,
Mobile: +91 8099838001.
0 Kudos
Notify Moderator
9 REPLIES 9
Constantine
17-Peridot
17-Peridot
(To:pshashipreetham)
‎Aug 07, 2025 03:09 AM
‎Aug 07, 2025 03:09 AM

Hello Shashi,

 

The conceptual issue with this approach is what happens if you open this app in tab #1 and then in 5 minutes in tab #2 -- what will the user see? You don't want to force-expire their session after 20 minutes from tab #1, because in tab #2 only 15 minutes elapsed, and the user might be using the app from that tab #2, while keeping tab #1 open for whatever reasons.

 

So, even if you implement a countdown in your mashup, you'll never know if your user session was extended from another browser tab, or automatically by running some internal service that you don't control, e.g. GetAllStyleDefinitions. In practice it means that you will often think that the session is about to expire, while in reality it has been refreshed just a minute ago.

 

There's no way to get the remaining session duration, only to extend the session. You can implement a Java extension that would get this information from Tomcat, but calling this extension through a service would automatically renew your session.

 

The only mechanism I was able to implement reliably was to detect that the session has already expired, and then block the user via a modal popup with some explanation and a "Re-login" button. To function correctly this requires a pair of extensions -- a custom Authenticator on the backend side plus a UI extension to fire an event when it encounters an HTTP 403.

 

Edit: On the second thought, you might be able to write a UI extension that would intercept all HTTP calls to ThingWorx and update some "last session refresh" timestamp shared between different browser windows and tabs via "window" DOM objects. Then, in theory, you should be able to infer the end of session somewhat reliably. I've never seen this done in real life, not only for ThingWorx.

 

/ Constantine

Notify Moderator
GuillaumeL
14-Alexandrite
14-Alexandrite
(To:pshashipreetham)
‎Aug 07, 2025 04:15 AM
‎Aug 07, 2025 04:15 AM

Hello,

 

I never did it but I think that we have everything needed on server side :

- Monitoring -> Connected Users: You have the time since last connection which is refreshed each time user is calling server. So you should find an API on server side to get this information programmatically.

- UserManagementSubsystem -> Idle Session Timeout (min) that indicates you  the session time (if you want to say only 10 minutes remaining)

 

Each minute you can run a scheduler / timer to check all users that are connected since x minutes (or Y minutes reamining before session closure).

Tricky point is to pass the information to the client side in order to have a popup : maybe you can create a user thing which is linked 1 to 1 to the user. With this thing, you will be able to use WebSocket to pass the information in live to client side. Then on your master it will be easy to compute information and to display a pop-up. It sounds feasible but never tested !

 

Other point : does it deserve to open a Web Socket for each user (or even each tab of user) only for this purpose ?

 

Regards,

Guillaume

 

Notify Moderator
Constantine
17-Peridot
17-Peridot
(To:GuillaumeL)
‎Aug 07, 2025 04:40 AM
‎Aug 07, 2025 04:40 AM

Creating a user Thing won't be sufficient, as they might login from two different devices at the same time. You'd really need to have a "session" thing, which would have very dynamic lifecycle, as those sessions expire -- an usine à gaz, basically.

0 Kudos
Notify Moderator
GuillaumeL
14-Alexandrite
14-Alexandrite
(To:Constantine)
‎Aug 07, 2025 05:01 AM
‎Aug 07, 2025 05:01 AM

My solution would work only for people connected from a single device. That can help in some use cases.

And to be sure to be connected from a single device you can activate this option "Restrict the number of concurrent logged in user sessions" in UserManagementSubsystem.

0 Kudos
Notify Moderator
Constantine
17-Peridot
17-Peridot
(To:GuillaumeL)
‎Aug 07, 2025 05:04 AM
‎Aug 07, 2025 05:04 AM

Just my 2 cents.

 

If somebody seriously asked me to implement something like that, I'd probably do it as a standalone webapp, which would query Tomcat sessions via JMX. It would expose the expiration timestamp via an HTTP endpoint that would take a JSESSIONID as a query parameter. I've just checked -- Tomcat's MBean does expose session IDs (so that we can "authenticate" those API calls) and expiration, so this is doable. I would then deploy it on the same Tomcat, just to avoid operational overhead. I'd call this API from my mashups through a tiny UI extension that would take JSESSIONID from a cookie.

 

Sounds like one fun day of work.

0 Kudos
Notify Moderator
Rocko
18-Opal
18-Opal
(To:pshashipreetham)
‎Aug 08, 2025 04:31 AM
‎Aug 08, 2025 04:31 AM

Question is how reliable you need this to be. As @Constantine pointed out this can be arbitrarily complex. 

If you just go for the 80% solution, you could find out about the idleness by linking every click event on a widget to a service call, writing a timestamp into the Session object (serverside) or with an expression into clientside session object(TW.sessionStorage), but that is hardly manageable, especially with complex mashups.

Note that in TWX 10 there is a new Timer widget you could use for a countdown, but it won't solve the underlying issues sketched before, like multiple tabs.

 

Notify Moderator
Constantine
17-Peridot
17-Peridot
(To:Rocko)
‎Aug 08, 2025 04:57 AM
‎Aug 08, 2025 04:57 AM

Oh man, I forgot about TW.sessionStorage! Thanks for bringing it up, this will help me solve an issue on another project right now.

 

/ Constantine

0 Kudos
Notify Moderator
abandal
12-Amethyst
12-Amethyst
(To:pshashipreetham)
‎Aug 11, 2025 02:38 PM
‎Aug 11, 2025 02:38 PM

Hi @pshashipreetham ,


I wanted to follow up with you on your post to see if your question has been answered.
If so, please mark the appropriate reply as the Accepted Solution for the benefit of other members who may have the same question.
Of course, if you have more to share on your issue, please let the Community know so that we can continue to support.
 

Thanks,
Abhi

 

0 Kudos
Notify Moderator
abandal
12-Amethyst
12-Amethyst
(To:abandal)
‎Aug 25, 2025 09:38 AM
‎Aug 25, 2025 09:38 AM

Hello @pshashipreetham ,

 

I hope you are doing well!

 

Did you have a chance to review the responses/suggestions provided on your post?

 

if you have any further questions/concerns, please let the Community know so that we can continue to support.
 

Thanks,

Abhi

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags