
RFLORY_78743
Apr 08, 2013

Session Inactivity and browser reset

We have an application that we want to set a different timeout for a set of machines (kiosks). I have an iRule already for another app that can detect the inactivity, but what I am having trouble with is the requirement to clear the screen after the inactivity to wipe any sensitive data. Can someone point me in the right direction?

 

3 Replies

  • Just out of curiosity, how are you detecting inactivity? And is this a browser-based app? If it is browser-based, and you're asking how to clear the browser screen after inactivity, this is a client side process which would be best handled by some injected JavaScript in an HTTP response. Even then, there's no real guarantee that you can completely eliminate the client side (possibly cached) data.
  • I use a simple session like

    session add simple [HTTP::cookie value mycookie] active 60

    Then when a request comes in, if I do not have the session then I flag it as having a period of inactivity....

    So I can catch the next request and block them from going further. But they want the screen redirected to remove any data that may have been being displayed. Not worried about the cache. These are Kiosks in the warehouse for the workers to check the hours paycheck etc. They will be locked down to where they cannot do much, the worry is that someone will walk off and leave their information on the screen.

    I thought about injecting JavaScript but not sure how that would work.

  • Controlling browser behavior like the back button is considerably difficult, so while you may be able to redirect away from the screen, it may not prevent going back to previous content. Here is a VERY simple script that injects a JavaScript timer into every response page. The timer restarts on every page load, but DOES NOT account for activity within the browser (mouse movements, etc.) so you'll need to modify it for that. This is just an example of how to inject the JavaScript:

    
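    when HTTP_REQUEST {
         # Do not run the stream filter on the request
         STREAM::disable
         # Ask the server for an uncompressed response so the stream filter can match text
         HTTP::header remove "Accept-Encoding"
    }
    when HTTP_RESPONSE {
         # Only rewrite text responses (for example text/html)
         if { [HTTP::header value Content-Type] contains "text" } {
              # Expression format is @search@replacement@; the replacement is where the injected script goes
              STREAM::expression {@@@}
              STREAM::enable
         }
    }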
    

    Apply a blank Stream profile to the virtual server for this to work.
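
An added example, not part of the original thread and not the poster's script: a client-side idle timer of the kind the last reply says the injected JavaScript would need, one that restarts on user activity and then blanks the page before redirecting. The names `createIdleWatcher` and `LOGOUT_URL` are hypothetical, and the 60-second value is assumed to mirror the session timeout quoted earlier in the thread.

```javascript
// Idle watcher: fires onIdle once after timeoutMs without a reset() call.
// Timer functions are injectable so the logic can be exercised outside a browser.
function createIdleWatcher(timeoutMs, onIdle, timers) {
  // Wrap the globals: calling setTimeout through another object throws in browsers.
  const t = timers || {
    set: (fn, ms) => setTimeout(fn, ms),
    clear: (h) => clearTimeout(h),
  };
  let handle = null;
  let fired = false;

  function reset() {
    if (fired) return;                 // after the wipe, late events must not re-arm
    if (handle !== null) t.clear(handle);
    handle = t.set(() => {
      fired = true;
      handle = null;
      onIdle();
    }, timeoutMs);
  }

  function stop() {
    if (handle !== null) t.clear(handle);
    handle = null;
  }

  reset();                             // start counting from page load
  return { reset, stop, hasFired: () => fired };
}

// Browser wiring; skipped when there is no DOM (for example under Node).
if (typeof document !== 'undefined') {
  const LOGOUT_URL = '/idle-logout';   // assumption: hypothetical landing page
  const watcher = createIdleWatcher(60 * 1000, () => {
    document.body.textContent = '';    // wipe what is displayed before navigating
    // replace() overwrites the current history entry; earlier entries in the
    // tab are still reachable with Back, as the reply above cautions.
    window.location.replace(LOGOUT_URL);
  });
  // Any of these counts as activity and restarts the countdown.
  ['mousemove', 'mousedown', 'keydown', 'touchstart', 'scroll'].forEach((evt) =>
    document.addEventListener(evt, watcher.reset, { capture: true, passive: true }));
}
```

The server-side session check described earlier in the thread still has to reject the next request, since a client-side timer only clears the display.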