Hi alan,<br><br>getchallenge reponse token is not the life time of the session with life time of token, meaning before 5mins one has to complete the loging operation.<br><br>the session time configuration is as follows.<br>
<br>session idle timeout is 30mins.<br>session lifespan is 24hrs.<br><br>javascript lets you run interval-ed tasks to i recommend you ping the server every 25 or 28 mins. <br><br>going forward we are planing to increase the idle timeout to 24hrs and lifespan to 3days.<br>
<br>Thanks,<br>MAK<br><br><div class="gmail_quote">On Tue, May 18, 2010 at 3:16 PM, Giuseppe Rota <span dir="ltr"><<a href="mailto:g.rota@studiosynthesis.biz">g.rota@studiosynthesis.biz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On Tue, May 18, 2010 at 9:45 AM, Alan Lord (News) <<a href="mailto:alanslists@gmail.com">alanslists@gmail.com</a>> wrote:<br>
> One of the most annoying bugs in the Thunderbird extension for me and my<br>
> customers is how, if the session times out, you have to re-save the<br>
> vtiger configuration settings to trigger a fresh login attempt.<br>
><br>
> I'd really like to fix this so that, as with all my email accounts, I do<br>
> not have to repeatedly login.<br>
><br>
> I've been thinking about how to achieve this and am not sure of the<br>
> "right" approach.<br>
><br>
> When we login using the REST API, we get a token. This token has a<br>
> lifetime, which I believe we can capture and store. When any new<br>
> transaction occurs (within the lifetime of the current token) across the<br>
> REST API, I believe the lifetime of the token is then extended.<br>
<br>
</div>Yes, that's what happens in the getchallenge phase, have a look at the<br>
code in include/Webservices/AuthToken.php, the code is quite simple.<br>
<div class="im"><br>
><br>
> The TB extension is written in javascript and I am not sure that we can<br>
> spawn a thread to run a timer so that we can trigger an event before the<br>
> token expires if nothing else has happened.<br>
><br>
> Could I just check to see if the token has expired (time elapsed) and if<br>
> so, go through the login process again? This means I have to add a test<br>
> before *every* API call (seems like a lot of overhead to me?).<br>
<br>
</div>As you can see from the above file, the session lasts 5 minutes. AFAIK<br>
there seems to be no way of figuring out if the session expired,<br>
calling a getchallenge operation "disturbs" the session state much<br>
like in quantum physics :)<br>
I guess that you can use some sort of optimistic approach:<br>
if not more than, say, 4 and a half minutes have passed since the last<br>
webservice operation, go ahead and try to perform the webservice<br>
operation. It will most likely go through. Make sure to detect a<br>
failure in the operation so that you know that you need to do again a<br>
getchallenge+login to get a new sessionid. (never trust the client :)<br>
<br>
If more that 4 and a half minutes have passed, do a getchallenge+login<br>
operation and store the sessionid for future calls.<br>
If you have access to the above php file you can try to extend the<br>
window of the session.<br>
<br>
hope it helps<br>
Giuseppe Rota<br>
<font color="#888888">--<br>
Studio Synthesis srl<br>
Business Process Consulting<br>
Via Callegari 10, Brescia - (+39)030/8336089<br>
<a href="http://www.studiosynthesis.biz" target="_blank">http://www.studiosynthesis.biz</a><br>
</font><div><div></div><div class="h5">_______________________________________________<br>
Reach hundreds of potential candidates - <a href="http://jobs.vtiger.com" target="_blank">http://jobs.vtiger.com</a><br>
</div></div></blockquote></div><br>