Session Timeout - Functional Specifications
Currently Openbravo ERP has a session timeout of 1 hour, but alerts service send a request every 50 seconds.
This requests keeps the session alive and avoid the session timeout.
The aim of this project is make the alerts service don't affect the session timeout.
This objective can be reached implementing a filter in the web server. This filter can differentiate the request made by an user and the requests made by an automated service.
The request made by an user should restart the expiration timeout of the session, and the automated request should left unaltered the remaining time for session expiration.
This filter affects all the web requests made by the application, it should be necessary to make a QA test that confirm this filter do not interferes in any of application functionalities. A list of susceptible things to test:
- Change of role
Other interesting thing to test is to set a small timeout (for example 1 minutes) and in a window with a large grid, only do a scroll every 30 seconds. The grid scroll make a request for more data and the session should not expire.