A fairly common gotcha with integrating flash videos/tutorials into Liferay, is that even though a user is actively viewing and interacting with the flash component, this does not end up extending the user’s Liferay session. As a result, if the user spends enough time in the flash without performing any action within Liferay, the user’s Liferay session will timeout resulting in some frustration for your end-users. Of course, with Liferay’s session timeout warning and option to extend the session, if the user catches the warning at the right time, he/she can extend their Liferay session manually. Additionally, Liferay does provide an auto-extend session option, but that this may or may not be acceptable depending on your security and general architectural guidelines. In the last year, we have implemented a few healthcare customer portals where flash-based training was a key component of the overall portal functionality, and this issue came up where our clients wanted the Liferay session to extend but only when the end-user explicitly performed an action within the flash tutorials.

We ended up asking the flash developers to embed background calls to http://liferay-portal-domain/c/portal/extend_session on each explicit user action within the flash components. The flash components would simply fire off requests to the extend_session URL, and not do anything with the server response.

Additionally, on the Liferay side, we needed to implement two changes –

Disable caching of extend_session: we found that some client browsers tended to cache the extend_session URL, negating any benefit of the flash component invoking the Liferay extend_session URL. To disable client browser caching, we ended up modifying the /portal-web/docroot/html/portal/extend_session.jsp to add the following headers –

response.setDateHeader ("Expires", -1);

Disable client-side JavaScript to explicitly logoff user on Liferay session timeout: the Liferay feature of allowing users to extend their Liferay session when their session is about to timeout, includes the side-effect that there is client-side JavaScript that explicitly logs the user off from the Liferay server. Even if the flash component invokes the extend_session URL to extend the session on the server-side, the client-side JavaScript is not aware of this, and will end up explicitly logging the user off whenever the client-side timer counts down to zero. So, it becomes necessary to override the session-extension feature on any page that displays a flash component – this can be achieved by adding some JavaScript in the portlet that renders the flash –

<script type="text/javascript">

     function doNothing () {



     if(typeof(Liferay.Session) != "undefined") {

          Liferay.Session.warn = doNothing;
          Liferay.Session.extend = doNothing;
          Liferay.Session.checkState = doNothing;
          Liferay.Session.expire = doNothing;



Note that the doNothing call is only necessary on expiration.

While this blog entry focusses on flash/flex components, this solution to the Liferay session expiration problem can also apply to applications displayed in iframes on Liferay, if you have the flexibility to make a change (add the extend_session call) to the iframed application.

Marketing Plug: XTIVIA offers a full suite of Liferay services through our team of Enterprise Portal experts with full project lifecycle as well as consulting experience around the Liferay platform.

Share This