views:

357

answers:

2

I have a WCF web-service and a Silverlight app displaying data from that service. In my service I'd like to implement automatic logout of the user, if no service methods were invoked during a period of time (for example 20 minutes).

I'm thinking about smth like that:

Dictionary<User,TimeSpan> Inactivity

When a service method is invoked i reset the TimeSpan. But what will happen, if 20 minutes pass, and I call the Logout method (which clears all User caches), and suddenly the User returns from lunch)) and presses a button in his Silverlight app? Obviously he'll get an error. Is there any way to avoid this, or all my concept is wrong? Maybe there's a better way to logout the user automatically?

A: 

20 mins passes, Logout method runs, user's redirected to a login page, user comes from lunch, sees a login page with a message that his session has expired, enters username/password, logs in.

PL
the problem is, that the logout method is called in a web-service and not on the client. and there's no way to notify the client about that
Well, then you have 2 options: a) use messaging (Kaazing, Nirvana, etc.) to notify client about logout b) have a periodic session check in the client that would query the service if it's still logged in + make client handle the security exception thrown by any of your services once client's session is expired.
PL
handling security exception was quite enough, thx.
A: 

Can your elaborate more on how it can be implemented. I mean the logout procedure redirecting to login page after certain period of inactivity. I am trying to do wht 'rubin-attack' has asked.

Thanks.

Priyanka
use custom exceptions like FaultException<AutoLogoutError> and handle them on the client's side, when such exception is received do page refresh!