tableau / embedding-api-v3-guide

migration guide for moving to embedding api v3
MIT License

Clearing session or cookies on PageRefresh #45

Open hackwithharsha opened 1 year ago

hackwithharsha commented 1 year ago

Hi Team,

In the following web page, we are rendering two visualizations. Initially, it will render both visualizations when our web server is up and serving tokens. However, when our web server is down and fails to send a token on web page refresh, there is no token, and the first visualization will throw an error like 10084, which is perfectly fine, and then the second visualization renders using previous session cookies that were stored earlier. I think you might have to clear cookies or session tokens on page refresh, as there is no way to control cookies in JavaScript for an iframe as far as I know.

Check the following screenshot. Happy to connect and provide more information on this if required. It would be great if you could release a patch fix in the Tableau Embedding API.

[Screenshot: Feedback_1]

stephenlprice commented 1 year ago

I think there are implementations that would rather not clear the session cookie on every page refresh; however, it would be useful to document a way where a developer can deliberately clear a session if they wanted to.

For example:

  1. 1st session is established and a custom session object is created to track duration (240 minutes is the default)
  2. User refreshes the page and the application checks the session object to determine if it is still active
  3. If the timeout has not been reached then a new session is not required
  4. If the timeout has been reached or is soon to be reached, then a new session is established

What is causing issues in some implementations is that the session is established by adding a web component to the page. Other embeds do not need to do this and can simply use the active session started by the first embed. However, if for whatever reason this new session fails, the first embed displays an error while everything else displays normally using the existing session.

Perhaps adding a method to establish a session without redeeming it via an embed or image request as well as a method for clearing that session would allow developers to have a more deliberate session lifecycle.
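An added example, not part of the thread and not Tableau's code: the four-step lifecycle above as a page-load decision that refuses to mount any embed when no valid session is tracked and the token request failed, so a stale session is not silently reused. All names, the 5-minute renewal margin and the fallback for an expiring session are assumptions; the record is the application's own bookkeeping and does not touch Tableau's cookie.

```javascript
// Hypothetical helper names; only the 240-minute default comes from the thread.
const SESSION_TTL_MS = 240 * 60 * 1000;
const RENEW_MARGIN_MS = 5 * 60 * 1000; // assumption: "soon to be reached" = last 5 minutes

// Steps 2-4: classify the application's own session record at page load.
function sessionState(record, nowMs) {
  if (!record || typeof record.establishedAt !== 'number') return 'none';
  const age = nowMs - record.establishedAt;
  // A negative age means a tampered record or clock skew: treat it as expired.
  if (age < 0 || age >= SESSION_TTL_MS) return 'expired';
  return age >= SESSION_TTL_MS - RENEW_MARGIN_MS ? 'expiring' : 'active';
}

// tokenResult is whatever the app's own token endpoint returned:
// { ok: true, token: '...' } on success, { ok: false } when the server is down.
function planPageLoad(record, nowMs, tokenResult) {
  const state = sessionState(record, nowMs);
  const gotToken = Boolean(tokenResult && tokenResult.ok && tokenResult.token);

  if (state === 'active') {
    // Step 3: timeout not reached, no new session required.
    return { action: 'reuse', renderEmbeds: true, token: null, record };
  }
  if (gotToken) {
    // Step 4: establish a new session and restart the tracked duration.
    return { action: 'establish', renderEmbeds: true,
             token: tokenResult.token, record: { establishedAt: nowMs } };
  }
  if (state === 'expiring') {
    // Assumption: the old session is still valid, so keep it and retry later.
    return { action: 'reuse', renderEmbeds: true, token: null, record };
  }
  // No tracked session and no token: mount nothing instead of letting later
  // embeds ride on whatever session the browser still holds.
  return { action: 'block', renderEmbeds: false, token: null, record: null };
}

// Constructed sample: session established at t0, page refreshed 241 minutes
// later while the token server is down.
const t0 = 1700000000000;
const sample = planPageLoad({ establishedAt: t0 }, t0 + 241 * 60 * 1000, { ok: false });
console.log(sample.action, sample.renderEmbeds);
```

On logout the application would discard the record the same way the `block` branch does, so the next page load has to obtain a fresh token before anything is mounted.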

stephenlprice commented 1 year ago

Helping devs deliberately kill sessions established via JWT will be useful in other scenarios such as when a user logs out of the embedding app -- this will also clear the Tableau session.

In particular, this would be so helpful when prototyping embeds with Connected Apps since that way you don't have to worry about clearing the session manually, opening tabs in incognito mode or trying other techniques to help you troubleshoot JWTs.

hackwithharsha commented 1 year ago

@stephenlprice You elaborated that perfectly, thank you!!