How do I check if the session token is still active?

This forum contains topics that were moved from Get Satisfaction
Bryce
Posts: 0
Joined: Thu Oct 03, 2013 6:08 am

How do I check if the session token is still active?

Post by Bryce »

When navigation to a certain page, I want to check if the user is logged in and their session token is still active.

If the session token does not exist, or it has expired, I want the user to be re-directed to a "login" page.

I have read responses to other similar questions that say that the way to check that a user is logged in is to look at the localStorage variable "userSessionToken" to see if it is populated.

However, this solution is not suitable for the following scenario:

  • user logs in (localStorage "userSessionToken" = [token value] )

  • user sits idle for over 120 minutes

  • current session token is now expired, however, the localStorage variable is still populated with the same [token value]

  • when user now tries to perform a PUT request (which requires an active token), it will fail.

    I want to avoid this above scenario by performing a check on whether the current token I have stored in my localStorage variable is still active or not before I try perform the PUT request.

    How is the best (most efficient) way for me to do this?

    One thought I had was to simply perform a 'dummy' List or Query service, with the only request being the session token, and if this returns a SUCCESS response, then the token is active (and if it returns an ERROR it has expired), however I assume this may also return a lot of other data and even though I'm not mapping any of it, it still may take some time and cause data usage to be high.

    I also could not see a way to do a simple LIST of QUERY service on the Users data collection. Is this possible?

    Can you provide a suggestion as to the best (most efficient) way to perform this check?

    Thanks.

Maryna Brodina
Posts: 0
Joined: Thu Apr 05, 2012 7:27 am

How do I check if the session token is still active?

Post by Maryna Brodina »

Hello! Yes, the only one way is to perform dummy request using token. If no data returns - token is expired. To avoid getting any other data, make request to get data only for specific (logged in) user. This way you receive only one record. Please take a look here http://docs.appery.io/documentation/b...

Bryce
Posts: 0
Joined: Thu Oct 03, 2013 6:08 am

How do I check if the session token is still active?

Post by Bryce »

Thanks Maryna,

However, can you tell me how to add a query service for the Users data collection?

When I click "Create new - Database Services", I only get the login, logout, signup services to import, and only the Data collections that I created are available to select for query/list/update/etc... services.

It doesn't give me the option to automatically import services for the Users collection.

If I need to create this as a RESTservice from scratch, using a database URL as shown in the example, then how to I make the UserID dynamic, so that I can populate it from a localStorage variable?

Maryna Brodina
Posts: 0
Joined: Thu Apr 05, 2012 7:27 am

How do I check if the session token is still active?

Post by Maryna Brodina »

Yes, you need to create this as a RESTservice from scratch, using a database URL as shown in the example. To dynamically set id in URL follow these steps:
1) Service URL should look like this prehttps://api.appery.io/rest/1/db/users/{userID}/pre2) add request parameter userID
3) do mapping from localStorage variable to userID

ang .
Posts: 0
Joined: Thu Jan 09, 2014 3:13 am

How do I check if the session token is still active?

Post by ang . »

Hi, I am trying to use server code to check if token is expired.
But when testing, I always get the response "0", even though the parameters I passed are valid user id and valid session token.

here's my code:
code
// Declare database ID and Master key
var dbId = "dbid&quot
var masterKey = "my master key&quot

var userId = requestParams['id'];
var token = requestParams['
userSessionToken']

try {

//fetch current user details using token provided
//if no result returned, it means the token is expired
var XHRResponse = XHR.send("GET", "https://api.appery.io/rest/1/db/users/" + userId, {
"headers": {
"X-Appery-Database-Id": dbId,
"X-Appery-Master-Key": masterKey,
"X-Appery-Session-Token": token
}
});

// If token valid
if (XHRResponse.body.length) {
responseBody.message = "1&quot
response.success(responseBody, "application/json");
}
else
{
responseBody.message = "0&quot
response.success(responseBody, "application/json");
}
} catch (e) {
response.success("message: " + e.message + "\ncode: " + e.code); //If something goes wrong, error message appears
}
/code

What is wrong with my code?

Kateryna Grynko
Posts: 0
Joined: Thu Nov 15, 2012 9:13 am

How do I check if the session token is still active?

Post by Kateryna Grynko »

Hello,

We are working on it.

ang .
Posts: 0
Joined: Thu Jan 09, 2014 3:13 am

How do I check if the session token is still active?

Post by ang . »

Hi thx,

Actually what I want to achieve is having a global function to check token validity.
My plan is:

1) Create server code as above to check for token

2) Create a javascript, with a function to call the server code

3) In every page that is account based, call the javascript function

However, how can I execute the server code from javascript?
I don't want to add server code on every page, then call " datasourcename.execute({});" separately because datasource name is different for different page.

Kateryna Grynko
Posts: 0
Joined: Thu Nov 15, 2012 9:13 am

How do I check if the session token is still active?

Post by Kateryna Grynko »

Hi,

1) Try this code in Server code:precode var responseBody = {},
requestParams = {},
paramKeys = request.keys();
for (var key = 0; key < paramKeys&#46;length; key++) {
requestParams[paramKeys[key]] = request&#46;get(paramKeys[key]);
}
&#47;&#47; Declare database ID
var dbId = "51b8c9a7e4b0e832dd8ff987&quot
var userId = requestParams['id'];
var token = requestParams['
userSessionToken']
try {
&#47;&#47;fetch current user details using token provided
&#47;&#47;if no result returned, it means the token is expired
var XHRResponse = XHR&#46;send("GET", "https:&#47;&#47;api&#46;appery&#46;io/rest/1/db/users/" + userId, {
"headers": {
"X-Appery-Database-Id": dbId,
"X-Appery-Session-Token": token
}
});
&#47;&#47; If token valid
if (XHRResponse&#46;body&#46;id == userId) {
responseBody&#46;message = "1&quot
response&#46;success(responseBody, "application/json");
} else {
responseBody&#46;message = "0&quot
response&#46;success(responseBody, "application/json");
}
} catch (e) {
response&#46;success("message: " + e&#46;message + "\ncode: " + e&#46;code); &#47;&#47;If something goes wrong, error message appears
}/code/pre
2) You can create a global service in JavaScript asset and call it from any page:precodevar checkService;
$(function(){
checkService = new Appery&#46;DataSource(my_check_service, {
'onComplete': function(jqXHR, textStatus) {},
'onSuccess': function(data) {},
'onError': function(jqXHR, textStatus, errorThrown) {},
'responseMapping': [],
'requestMapping': []
});
});/code/preWhere 'my_check_service' is a service name.
To call this service use:precheckService&#46;execute({data: {"
id": localStorage&#46;getItem("userId"), "_userSessionToken": localStorage&#46;getItem("sessionToken")}})/pre
You would need to add some actions to onSuccess/onError/onComplete event to perform needed actions depending on a check result.

Asif
Posts: 0
Joined: Tue Aug 13, 2013 12:56 pm

How do I check if the session token is still active?

Post by Asif »

Hi,
I am using the login,logout services with session in my app and they work fine! I have read all the above messages!
I just need to know that how do I stay logged in even after user sits idle for 120 minutes! I don't want the user to auto-logout after he sits idle or minimises or even closes the application! I want user to stay logged in forever until user presses the logout button!
Also I want to refresh the page when the user opens the minimised app!
Is there any possible way to do that?
Thanks in advance!

Yurii Orishchuk
Posts: 0
Joined: Fri Feb 14, 2014 8:20 am

How do I check if the session token is still active?

Post by Yurii Orishchuk »

Hi Asif,

Please read first Marinas answer in this thread.

After app defines that token is expired - it should run "login" service automatically with stored in LSV user "login" and "pass" and get new session token.

Regards.

Post Reply