Sw4   >   Misc   >   Security Timeout

Security Timeout

There is a security timeout option available with the StudioWorks framework. The timeout option provides an added level of security to a StudioWorks application by opening a timeout window in front of all the other Omnis Studio windows if there is no user activity in the StudioWorks application for a predetermined amount of time. If a user leaves their computer without closing their application, the timeout security will prevent other users from accessing the user's application on their computer after the predetermined amount of inactive time.

Users could get the same type of security on their computer by using a screen saver with password protection. However, that puts control of timeout security in the hands of the users. If enabled, the StudioWorks timeout will enforce timeout security for everyone who has the StudioWorks application open.

Enabling Timeout Security

To enable the security timeout option modify the $signInOKContinue method of the main library Startup_Task to send an $initializeTimeoutTimer message to the oSecurity object followed by a $startTimeoutTimer message.

The following sample code is copied from the initializestartTimeoutTimer method of the Startup_Task of the myAppMain library of the StartNewApp demo.

; Does the user profile, specify a timeout or signoff?
If secur.$:UserTimeoutMinutes.$cando
   Do secur.$:UserTimeoutMinutes Returns TimeoutMinutes
   Do secur.$:UserTimeoutSignOffTime Returns SignOffTime
End If

; If the timeout minutes is zero, use the default system preference timeout.
If TimeoutMinutes=0
   ; Use the system prefs default timeout.
   If oSysPrefs.$:DefaultTimeoutMinutes.$cando
      Do oSysPrefs.$:DefaultTimeoutMinutes Returns TimeoutMinutes
   End If
End If

; If the signoff time is null, use the default system preference signoff time.
If isnull(SignOffTime)
   If oSysPrefs.$:DefaultSignOffTimeOfDay.$cando
      Do oSysPrefs.$:DefaultSignOffTimeOfDay Returns SignOffTime
   End If
End If

; Initialize the timeout timer.
If TimeoutMinutes>0&not(isnull(SignOffTime))
   If secur.$initializeTimeoutTimer.$cando
      Do secur.$initializeTimeoutTimer(TimeoutMinutes,SignOffTime) Returns FlagOK
      If FlagOK
         ; Start the timeout timer.
         Do secur.$startTimeoutTimer() Returns FlagOK
      End If
   End If
End If
Quit method FlagOK

This method is called by $signInOKContinue right after the default method is run.

; Redirect to the startup task default methods object.
Do redirect ioStartupTaskDefaultMethods Returns FlagOK
If FlagOK
   Do method initializestartTimeoutTimer Returns FlagOK
End If

If not(FlagOK)
   Do errhndlr.$promptonceLastError()
End If
Quit method FlagOK

The timer is reset each time the user opens a window or switches subwindows, clicks on a toolbar button or a headed list, or presses a key while in an entry field. (You can find all the places where the timeout timer is reset by searching the StudioWorks libraries for Do secur.$resetTimeoutTimer)

If the timer is not reset for the specified number of timeout minutes, the timer is stopped and the wSecurityTimeoutSignIn window is opened. The timeout window opens in front of palette windows, does not allow clicks behind, and disables menus and toolbars. The user must reenter their password in the timeout window. If the user correctly enters their password the timer is restarted and the timeout window is closed allowing them to continue working where they left off. If the user incorrectly enters the password 5 times the timeout window force quits Omnis Studio.

Setting Timeout Minutes

You the developer can decide when, where, and how to set the timeout minutes and where to store it.

The practice I normally follow is to have a default timeout number of minutes stored in the system preferences. The default timeout minutes can then set by the system administrator. I also give the option of having a user timeout minutes stored in the user profile. If the user timeout minutes is a non-zero value it is used, otherwise the system preference default timeout minutes is used.

The oSysPrefs object and related wSysPrefs window can be found in the mySysAdmin library of the StartNewApp demo.

Setting the user timeout minutes and signoff time can be found in the wUsrEdit window in the mySysAdmin library of the StartNewApp demo.