Phrame 3 Documentation Home  |  Features  |  Downloads  |  Contact Documentation > How To Use Session Validation

Install Phrame 3
Configure The Phrame Container
Configure An Action Server
Configure The Error Handler
Define A Module Configuration
Trigger The Phrame Container
Trigger An Action Server
Trigger An Action
Use Language Negotiation
Use Phrame Tag Libraries
Load Classes Just In Time

 

Phrame supports session validation more or less similar to the session validation mechanism supported by the Java Servlet specification. This mechanism ensures a session is timed out if a user has not submitted a request to the action server within a certain period of time. If a session is timed out and the user submits a request, the action server will return an error page.

To enable the session validation mechanism, you have to include the following configuration parameters in the server configuration:

• Add a _SESSION_TIMEOUT parameter and set it to the number of minutes of inactivity after which the action server has to time out any session it has created. The default value is -1 meaning the server will never time out a session;
• Include an _INVALID_SESSION parameter in the _ERROR_PAGES array and set it to the URI of the error page that the server has to show in case a session is timed out. If you donot specify this page, Phrame will show a blank page!

  You may want to implement language negotiation to enable the server to show different error pages for different languages (see How To Use Language Negotiation).

To enable the session validation mechanism, you have to include session configuration parameters and optionally a session timeout error page in the configuration of the Phrame container as shown in the code snippet below. Note that if you donot specify this page, Phrame will send a '202' error response to the client with an explanatory error text (202 is HTTP status code Accepted).

$containerConfig = array(

  _SESSION_CONFIG => array(
    _SESSION_TIMEOUT => 30 // time out after 30 minutes
  )                        // of inactivity

  ,_ERROR_PAGES => array(

    _INVALID_SESSION => '/path/to/invalidsession.html'

    ...
    other error pages go here
    ...
  )

  ...
  other container configuration parameters go here
  ...

);

You can also set the session timeout period for an individual session, by setting a session's maxInactiveInterval property. For example:

// Set timeout period to 30 minutes (to be specified
// in miliseconds!)
$session =& $request->getSession(); 
$session->setMaxInactiveInterval(3600);

Use a session's invalidate() method to invalidate it immediately. For example:

// Invalidate session immediately (will be effective
// when the user submits a new request)
$session =& $request->getSession(); 
$session->invalidate();

© 2005 Pieter A. van Stempvoort. All rights reserved.

Hosted by www.Geocities.ws