Admin Auto-Logout

We are suffering as you are, so far with no slick workaround. I submitted a bug and insisted that they submit it as a feature upgrade (which they did) as follows:

1. Record all keystrokes as browser activity.

2. Activity in any browser window keeps all browser windows alive.

3. Provide a "Save" warning before forced logout in all instances.

I asked about this at the summit. The forced logout is a security requirement. Perhaps if more of us ask for this feature upgrade we will get it sooner. I showed this to their UI specialist. She was quite surprised about the lack of warning.

I understand the frustration, and we will definitely be doing something to track WYSIWYG activity in the client and send a keep-alive periodically back to the server to prevent this. I'll see what I can do to get this work accelerated.

One thing y'all may not be aware of is that whenever we do a patch or software upgrade, we take an application server at a time out of the rotation for accepting new sessions and then wait for all the active sessions to complete on that application server before upgrading it. This lets us minimize the disruption to you. If you leave something continuously pinging the server, it makes life more difficult for our IT team (who have a very tough life already) as they will bend over backwards to not kill an active administrator.

Michael :

I've updated the original script I posted quite a bit since:

https://my.care.org/care/apps/keepalive/keepalive-1.3.3.js

Additional features since previous 1.2.1 was posted:

1. Ability to restart the keep alive process if it drops off by button click rather than page reload.

2. Script pays attention to the time between when it was disabled and when you click the reactivate button, if it's too long, the page reloads instead and if your session really is expired, you'll have to log in again.

3 Hooks into the existing Convio script and displays their Log Back In box when too long a time (25 minutes) has gone since last detected activity -- so, when the script flips to reload mode instead, it also pops up the familiar box.

Note: Convio has not modifed it's JavaScript to include timout IDs. I've submitted a support request, and when that change happens, this script will be able to stop the internal Convio script from showing the Log Back In box at all.

Anyway, there you go.

Wow... very cool! Thanks for sharing!

Michael :

A new version:

Updated by request to also listen for mouse click events -- some users, rather than typing, do a lot of copy-paste work and (at least in IE) Ctrl-C and V doesn't seem to register as a keypress. I added a listener for mouse clicks as well.

The only thing so far people have reported not working well with this script is that sometimes the Log Back In box comes up right after closing it. Near as I can tell, that happens when the official Convio one pops up on it's normal schedule. It seems random, but it's really not. The reason and fix for this is already well documented, I'm still wait to hear from Convio on that.

After successfully navigating a multitask day - conscientiously hitting Save throughout the day navigating team raiser set up - (with the tiny HTML screen and the long required scroll down to the Save buttons) -- I got a phone call and missed the timing and boom lost a particularly involved piece of work. This timing out thing - would make me think twice about recommending the Convio platform - it causes too much productivity loss and frustration - as people don't work without interruptions, distractions will always lead to losses from timeouts.

This workaround is something we really need but it is not clear to me how to do it - Where do you navigate to to insert this script?

Michael :

Sorry, I use FireFox, which will display the contents of .js files as plain text (same with css, etc)... I forgot that IE actually tries to execute the code. Silly IE.

Here's a ZIP version you can download:

If you don't happen to have access to modify the SDP: "SITE_ADMIN_LOGO_IMAGE" you may need to talk to either support or you account rep for help. Also, if you don't have access to your FTP site, or you don't have another place to upload JS file too, you'll need to figure a way to do that as well since the whole script can't fit in the SDP field itself.

Finally, I noticed the implementation notes located at the very bottom of that file we a little old, so I updated them. In case you see this before Convio updates it's cache, here's what it should say:

Implementation Notes: Add the following HTML to the SITE_ADMIN_LOGO_IMAGE Site data field in Site Setup. Include it as the very first thing in the SDP field, above whatever might already be there. Below is the entire contents of that parameter in the CARE instance. Only the <SCRIPT> element needs to be added to yours, not the whole thing. The path to your JS file, of course, will need to be changed from what appears below. <script type="text/javascript" src="https://my.care.org/care/apps/keepalive/keepalive-1.3.5.js"></script> <div style="background-color: #000000; margin-top: 5px; margin-bottom: 5px"><img src="/care/images/content/pagebuilder/11867.jpg" border="0" /> </div>

Also, it occurs me to that the margin styles in that DIV make it a little less cramped since this script does write a bunch of stuff out at the top of your page. You can tweak as needed to make it fit of course.

If anyone has any suggestions, bug reports, or complaints related to this script, please put them in this thread -- I welcome all feedback.

In the KeepAlive JS Script, do we need to change line 37 to refer to our own account?

var Path = "https://secure3.convio.net/YOURNAME/admin/AdminHomePage";

Regards, BPM

Brian Mucha:

In the KeepAlive JS Script, do we need to change line 37 to refer to our own account?

var Path = "https://secure3.convio.net/YOURNAME/admin/AdminHomePage";

Regards, BPM

I updated our script to refer to our site, and also added color to the Disable/RE-Enable links.

    function KeepAliveRequest(kill){

        KeepAliveDEBUG("KeepAliveRequest Sent: " + LastPing);

        if(KeepAliveActive){

            LastPing = new Date();

            var Path = "https://secure3.convio.net/YOURSITE/admin/AdminHomePage";

            var Args = "pagename=adminabout&mfc_popup=true";

            var TimeDif = window.LastPing.getTime() - window.LastStroke.getTime();

            if(TimeDif < window.KeepAliveDuration && !kill){

                var KeepAliveRequestObj = new XHR({method: 'get', onSuccess:KeepAliveUpdater}).send(Path,Args);

               $("keepalivesession").innerHTML = "Keep-Alive Active: " + LastPing + " :: Current ping rate: 1 every " + ((KeepAliveDuration / 1000) / 60) + " minutes -- ";

            }

            else{

                LastPing = new Date();

                clearInterval(window.KeepAliveID);

                var KeepAliveRequestObj = new XHR({method: 'get', onSuccess:KeepAliveUpdater}).send(Path,Args);

               $("keepalivesession").innerHTML = "Keep-Alive <b><font color=\\"#ff0000\\">Disabled</font></b> at " + LastPing + " <div><b>NOTE: You will be required to log in if you've been idle for more than " + ((ForceKillDuration / 1000) / 60) + " minutes since the time indicated.</b></div>";

                $("keepalivekeys").style.display = "none";

                KeepAliveActive = false;

               KeepAliveKillDialogID = setTimeout(keepAliveString,ForceKillDuration); //Activates built-in Convio Keep Alive dialog

            }

        }

    }

The color tags in the script above in combination with the following in the site logo field gives the keep-alive status text at the top of each page a much less intrusive light blue on blue color. (I just wasn't able to color that link from this div style for some reason.)

<div style="color: #c6d9e9;">

    <script type="text/javascript" src="https://secure3.convio.net/YOURSITE/js/keepalive-1.3.5.js"></script>

</div>

Regards, BPM

Brian Mucha:

I updated our script to refer to our site, and also added color to the Disable/RE-Enable links.

    function KeepAliveRequest(kill){

        KeepAliveDEBUG("KeepAliveRequest Sent: " + LastPing);

        if(KeepAliveActive){

            LastPing = new Date();

            var Path = "https://secure3.convio.net/YOURSITE/admin/AdminHomePage";

            var Args = "pagename=adminabout&mfc_popup=true";

            var TimeDif = window.LastPing.getTime() - window.LastStroke.getTime();

            if(TimeDif < window.KeepAliveDuration && !kill){

                var KeepAliveRequestObj = new XHR({method: 'get', onSuccess:KeepAliveUpdater}).send(Path,Args);

               $("keepalivesession").innerHTML = "Keep-Alive Active: " + LastPing + " :: Current ping rate: 1 every " + ((KeepAliveDuration / 1000) / 60) + " minutes -- ";

            }

            else{

                LastPing = new Date();

                clearInterval(window.KeepAliveID);

                var KeepAliveRequestObj = new XHR({method: 'get', onSuccess:KeepAliveUpdater}).send(Path,Args);

               $("keepalivesession").innerHTML = "Keep-Alive <b><font color=\\"#ff0000\\">Disabled</font></b> at " + LastPing + " <div><b>NOTE: You will be required to log in if you've been idle for more than " + ((ForceKillDuration / 1000) / 60) + " minutes since the time indicated.</b></div>";

                $("keepalivekeys").style.display = "none";

                KeepAliveActive = false;

               KeepAliveKillDialogID = setTimeout(keepAliveString,ForceKillDuration); //Activates built-in Convio Keep Alive dialog

            }

        }

    }

The color tags in the script above in combination with the following in the site logo field gives the keep-alive status text at the top of each page a much less intrusive light blue on blue color. (I just wasn't able to color that link from this div style for some reason.)

<div style="color: #c6d9e9;">

    <script type="text/javascript" src="https://secure3.convio.net/YOURSITE/js/keepalive-1.3.5.js"></script>

</div>

Regards, BPM

Thanks so much for this!!! I'm really impressed. I tried to install it--but I'm wondering, am I supposed to be able to see the script tag at the top of the screen when I'm logged into the admin page? And why is there an <img src> tag when I don't actually see an image? I tried using our logo image link and it doesn't seem to work...

Mindy

Brian Mucha:

No you shouldn't see that tag. You must have made a mistake customizing the script itself to refer to YOUR site, or else in the Site Settings field.

Here's what is in my settings field.

<div style="color: #C6D9E9;">

<script type="text/javascript" src="https://secure3.convio.net/cmf/js/keepalive-1.3.5.js"></script>

</div>

I leave the image out so that there is less dead space in that masthead. I already know what my logo looks like!

If you want one I think it should look something like this...

<img style="margin: 5px 0 0 10px;" src="../_resources-new/images/logo-hfl.gif" /><br/>

<div style="color: #C6D9E9;">

<script type="text/javascript" src="https://secure3.convio.net/cmf/js/keepalive-1.3.5.js"></script>

</div>

This is what mine looks like. I like the idea of leaving out the image. Just not sure where I went wrong. Should the URL for the line below just be where I've uploaded my js file to (which in my case i http://www.ncconservationnetwork.org/convio_keep_alive)?

<script type="text/javascript" src="https://secure3.convio.net/cmf/js/keepalive-1.3.5.js"></script>

Mindy Hiteshue:

Thanks so much for this!!! I'm really impressed. I tried to install it--but I'm wondering, am I supposed to be able to see the script tag at the top of the screen when I'm logged into the admin page? And why is there an <img src> tag when I don't actually see an image? I tried using our logo image link and it doesn't seem to work...

Mindy

Thanks guys! I think I figured it out with your help. I don't have the weird text up there anymore.

Brian Mucha:

I believe the winter update broke the lovely keep-alive script. Sigh.

Regards, BPM

Ugh. Really? I have been getting a lot of complaints about people being logged out after just a few minutes (less than 5). Apparently, they hit save on what they're working on and then they are taken back to the login screen. What is going on? Ahhhhhh!

ajones :

Brian, et al,

Do y'all get a timeout warning message, or do you get time out without a warning?  The warning is a dialog very similar to the timed-out dialog, but with button choices as "Continue Working" (which resets the timer) or "Log Out".

Just a timeout, I believe. Trying again to confirm.

Michael :

The way the keepalive.js script is engineered, it will use whatever Convio has set it's internal popup to display content and function-wise.  The trick is, because of a long-standing bug in the way the JavaScript is written on the Convio site, this keep alive script CANNOT stop the built-in Convio one from working the first time around.  The fix is super easy (not to meaning a best-practice in JavaScript development), but it never seems to make it into any Convio releases.  When I mean super easy, I really do mean super easy and without any possible risk of breaking other functionality.  It's pretty irksome that the fix hasn't been put in -- probably because they don't consider this a problem -- which it is.  (anyway).

The upshot is that you'll still get the box -- just click the X to close it and keep working.  The Keepalive script will automatically disable itself if you don't change pages, press a key or click a mouse on anything in the Convio window for a period longer than 25 minutes.  If you have the UI enabled in your version of the script, you can click the Enable link to start it back up, otherwise it will only restart if you click a link or refresh the page.

I've posted a new version that contains a bugfix that fixes an issue where it would sometime disable itself after a few itterations regardless of activity.

https://my.care.org/care/apps/keepalive/keepalive-1.3.9.js

I just confirmed again Michael.

Left Convio alone for a while, the JS still indicated it was pinging every 10 minutes. Then clicked a nav link and was brought to the login screen. Session expired despite the pings.