A fairly common gotcha with integrating flash videos/tutorials into Liferay, is that even though a user is actively viewing and interacting with the flash component, this does not end up extending the user’s Liferay session. As a result, if the user spends enough time in the flash without performing any action within Liferay, the user’s Liferay session will timeout resulting in some frustration for your end-users. Of course, with Liferay’s session timeout warning and option to extend the session, if the user catches the warning at the right time, he/she can extend their Liferay session manually. Additionally, Liferay does provide an auto-extend session option, but that this may or may not be acceptable depending on your security and general architectural guidelines. In the last year, we have implemented a few healthcare customer portals where flash-based training was a key component of the overall portal functionality, and this issue came up where our clients wanted the Liferay session to extend but only when the end-user explicitly performed an action within the flash tutorials.
We ended up asking the flash developers to embed background calls to http://liferay-portal-domain/c/portal/extend_session on each explicit user action within the flash components. The flash components would simply fire off requests to the extend_session URL, and not do anything with the server response.
Additionally, on the Liferay side, we needed to implement two changes –
Disable caching of extend_session: we found that some client browsers tended to cache the extend_session URL, negating any benefit of the flash component invoking the Liferay extend_session URL. To disable client browser caching, we ended up modifying the /portal-web/docroot/html/portal/extend_session.jsp to add the following headers –
response.setHeader("Cache-Control","no-cache"); response.setHeader("Pragma","no-cache"); response.setDateHeader ("Expires", -1);
Note that the doNothing call is only necessary on expiration.
While this blog entry focusses on flash/flex components, this solution to the Liferay session expiration problem can also apply to applications displayed in iframes on Liferay, if you have the flexibility to make a change (add the extend_session call) to the iframed application.
Marketing Plug: XTIVIA offers a full suite of Liferay services through our team of Enterprise Portal experts with full project lifecycle as well as consulting experience around the Liferay platform.