I am building a hybrid application, and we are facing an issue with the session in the application. We defined a 1 minute session in the worklight.properties file, and now, after one minute, if I try to call an adapter service it still works. So how can I maintain the session in my application, as the user is not logged out? Also, after session timeout, how will the logged-in user be redirected to the login page?
Here is my worklight.properties entry:
serverSessionTimeout=1
My security realm is defined below:
authenticationConfig.xml
<securityTests>
    <mobileSecurityTest name="PushSecurityTest">
        <testAppAuthenticity />
        <testUser realm="AuthRealm" />
        <testDeviceId provisioningType="none" />
    </mobileSecurityTest>
    <customSecurityTest name="PushSecurityTestNew">
        <test realm="wl_antiXSRFRealm" />
        <test realm="wl_authenticityRealm" />
        <test realm="wl_remoteDisableRealm" />
        <test realm="wl_anonymousUserRealm" isInternalUserID="true" />
        <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" />
    </customSecurityTest>
    <customSecurityTest name="SubscribeServlet">
        <test realm="SubscribeServlet" isInternalUserID="true"/>
    </customSecurityTest>
</securityTests>
<realms>
    <realm loginModule="AuthLoginModule" name="AuthRealm">
        <className>com.worklight.integration.auth.AdapterAuthenticator</className>
        <parameter name="login-function" value="PushAdapter.onAuthRequired"/>
        <parameter name="logout-function" value="PushAdapter.onLogout"/>
    </realm>
    <realm name="SubscribeServlet" loginModule="rejectAll">
        <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
    </realm>
</realms>
<loginModules>
    <loginModule expirationInSeconds="-1" name="AuthLoginModule">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>
    <loginModule name="requireLogin" expirationInSeconds="-1">
        <className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
    </loginModule>
    <loginModule name="rejectAll" expirationInSeconds="-1">
        <className>com.worklight.core.auth.ext.RejectingLoginModule</className>
    </loginModule>
</loginModules>
Query
How will session timeout work, and how will the user be redirected to the login page after session timeout?
By default, MobileFirst Platform 7.1 uses a mode called "session independent". This means that it does not use the concept of a session at all, and the value for serverSessionTimeout is no longer relevant.
Instead, the values you should look at are the expirationInSeconds for each of your loginModule. Each Login Module can have its own expiration time. Try a value of 60 seconds and see how it affects your flow.
Regarding "how user will redirect to login page", this is all done through your challenge handler. When a request is sent to a protected adapter and the login module has expired, you will receive the same challenge that was sent for the first request.
It is up to you, in code, to catch the challenge (with a challenge handler) and display the correct login prompt to the user.
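
A client-side challenge handler for the AuthRealm realm, as an added example that is not part of the original answer. It assumes PushAdapter.onAuthRequired returns a JSON body with an authRequired flag and an optional errorMessage, and that PushAdapter exposes a credential-checking procedure (the name submitAuthentication and the ui object are hypothetical):

```javascript
// Added example. Assumptions: PushAdapter.onAuthRequired returns
// { authRequired: true, errorMessage: ... }, and "submitAuthentication" is a
// hypothetical PushAdapter procedure that validates the credentials.
// `ui` is a hypothetical object: { showLogin(message), hideLogin() }.
function installAuthRealmHandler(WL, ui) {
  var handler = WL.Client.createChallengeHandler("AuthRealm");

  // Claim only responses that carry the adapter's authRequired flag.
  handler.isCustomResponse = function (response) {
    return !!(response && response.responseJSON &&
      typeof response.responseJSON.authRequired !== "undefined");
  };

  // Called for the first protected request and again whenever the
  // login module's expirationInSeconds has elapsed.
  handler.handleChallenge = function (response) {
    if (response.responseJSON.authRequired === true) {
      ui.showLogin(response.responseJSON.errorMessage || "");
    } else {
      ui.hideLogin();
      handler.submitSuccess(); // resumes the request that was challenged
    }
  };

  // Wire this to the login form's submit button.
  handler.login = function (username, password) {
    handler.submitAdapterAuthentication({
      adapter: "PushAdapter",
      procedure: "submitAuthentication", // hypothetical procedure name
      parameters: [username, password]
    }, {});
  };

  // Cancel button: abandon the challenged request.
  handler.cancel = function () {
    ui.hideLogin();
    handler.submitFailure();
  };
  return handler;
}
```

In the app, call installAuthRealmHandler(WL, ui) once at startup, before the first protected adapter call.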