Troubleshooting: Re-authentication after timeout displays ‘Deleted Document Page’
Summary
An application has a 15-minute session timeout specified in the Access Group and the AuthenticationService uses the WebTimeout HTML rule. After 15 minutes of inactivity with the application, you click a tab or a button in the application and see a JavaScript error at the bottom of the Web page or Deleted Document Page. The application does not respond to your interaction with the screen as you continue to click on different tabs and other UI elements.
When you click the Report Browser tab and select any one of the reports, you see the webTimeout screen that prompts you to re-authenticate by entering your password. After you successfully re-authenticate, instead of seeing the Report Browser page, you see the Report Browser HTML source. Because the HTML rule is not properly rendering or triggering, you lose any changes you made on the Web page. You have to close and re-open the browser and log in again.
The Suggested Approach describes the new Section rule @baseclass.pxSessionTimer, introduced in PRPC 6.2 and 6.3, for use in user portals. It explains how to configure @baseclass.pxSessionTimer for timeout, matching the Access Group setting, and how to specify the timeout Warning pop-up and design the presentation of the authentication challenge window.
Errors
You see Deleted Document Page or a JavaScript error at the bottom of the Web page.
Webpage error details (example)
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; UserABC123; UserABC123)
Timestamp: Wed, 30 Oct 2013 22:33:30 UTC
Message: 'innerHTML' is null or not an object
Line: 3
Char: 18642
Code: 0
URI: <prpc_server_URI>
Suggested Approach
PRPC 6.2 and 6.3 introduced the new Section rule @baseclass.pSessionTimer for user portals. With this rule, you can customize the timeout behavior, matching it to the Access Group setting, and you can specify the timeout Warning pop-up and the presentation of the authentication challenge window. Include this Section in the Harnesses of your user portals.
Example
Here is an example that illustrates how to include @baseclass.pxSessionTimer in a Section layout. The example uses a local copy of the manager portal Section rule, Section Data-Portal.MgrTopPanel.
- In a copy of the rule SECTION Data-Portal MgrTopPanel, the Layout tab, define the section with the following Cell Properties specified:
- In the field Use Section, specify pxSessionTimer.
- In the field Visible, select Always.
- In the field Edit Options, select Auto.
- Click the magnifying glass icon
to open the PegaGadget-SessionTimeoutMgr parameters for editing.
-
Specify the PegaGadget-SessionTimeoutMgr parameters:
- In the field Timeout After (mins), specify a value that matches the amount of time specified in the user’s Access Group. You must convert the AccessGroup value from seconds to minutes for this parameter value.
- In the field Warning Windows (mins), specify a value ranging from 1 to 3 indicating the number of minutes BEFORE the timeout when a warning will be displayed. In the example screen above, the warning displays after two minutes of user inactivity.
- In the field Show Authentication Screen In, select New Window. This is the required, valid value. Do NOT select Modal Dialog.
-
Save and close the rule SECTION Data-Portal MgrTopPanel and test it in the application.
In the runtime application, the timeout warning window looks like this example screen:
Message from webpage:Your session has expired or will expire shortly due to inactivity.
Click OK to restore your session.
Even if application users do not respond to the warning before the timeout, they should still see the re-authentication screen, and should be able to complete that screen without seeing the Deleted Document Page message or other errors.
Additional Information
How to configure login security and password policies