I have an application that requires the user to reenter their password between 15 and 30 minutes of inactivity to allow them to carry on with what they were doing.
My current idea is to have a piece of javascript that calls a popup after 15 minutes, asking the user to log in again. The site as a whole has a 15 minute forms authentication timeout, and a 30 minute session timeout.
I would then like it to allow the original page to have a postback if the user successfully authenticates themselves in the popup.
Currently I have the popup working (with a 15 minute countdown using JS) and the user is able to log in again, however when the popup window is closed and the user attempts to perform an action on their original page, they are asked to log in again.
I assume this is because their original cookie that was attached to the original page will have now expired, and it won’t detect the new one.
How can I pass the successful authentication from the popup window to the original page?
If you add a meta tag, or a hidden div, that populates the authentication token in the content attribute for a meta tag, and just in the div body for a hidden div, you could grab it from the popup window like this…
Then you could update the session cookie with the contents of somevar from JavaScript. As long as you maintain the handle to the window, you should be able to get at the window’s DOM.
There may be some cross browser variance in how you get at the dom, I think IE has a slightly different method, but it is easily tested for and the result is the same.