How to Forcefully Close WebSocket on Session Timeout in Node-RED Dashboard 2?

I am working on a project using Node-RED 2.x Dashboard and have the following requirements:

Understand where and how the WebSocket connection is established in the Node-RED Dashboard 2.

Determine how to disconnect or close the WebSocket connection programmatically when a user session times out.

  • On session timeout:
  •     Send a message to the UI.
    
  •     Display a dialog informing the user about the timeout.
    
  •     Redirect the user to the login page after acknowledging the dialog.
    

Could someone guide me on how to achieve these tasks? Specifically:

Where is the WebSocket created in the Node-RED Dashboard 2 codebase?
How can I forcefully close the WebSocket when a session times out?

Do you have a way of knowing when an individual session times out? If you do, is that server side or client side?

I assume you want this on the client side, as you will have multiple sessions.
You need to determine inactivity based on you application requirements, for example listen to events such as:

window.onload = resetTimer;
document.onmousemove = resetTimer;
document.onkeypress = resetTimer;
document.onscroll = resetTimer;
document.onclick = resetTimer;
document.ontouchstart = resetTimer;

Once the timer expires, you can open a warning pop-up, and then set window.location.href to move to a login page. If you want to force the socket close, then the login page should be on a different site (not Node-red dashboard) or just close the current page using window.close()

The connection is setup as part of the ui-base.js, specifically here:

As for forcing a connectin to close, we don't have anything built in for that currently, but to echo @Colin's question, how are you determining that a session has timed out?

I'm working with the ui_base.js file in Node-RED and handling socket connections using the onConnection method. Here's my code snippet:

function onConnection(socket) {
            // Record mapping from connection to the ui-base node
            socket._baseId = node.id;
        
            // Handle cookies
            let cookies = socket.request.headers.cookie;
            console.log("****************cookies in socket: ", cookies);
        
            if (!cookies) {
                console.log("@@@@@@@@@@@@@@@@@@@No cookies found, closing socket connection.");
             //   handleDisconnect(socket, 'no cookies found');
                socket.disconnect(true); // Close the WebSocket connection if cookies are missing

                return;
            }
            

             // node.connections[socket.id] = socket // store the connection for later use
                    uiShared.connections[socket.id] = socket // store the connection for later use
        
                    emitConfig(socket)
        
                    // clean up then re-register listeners
                    // cleanupEventHandlers(socket)
                    // setup connections, and fire any 'on('connection')' events
                    setupEventHandlers(socket, true)
        }

Currently, when there are no cookies, I disconnect the WebSocket connection using socket.disconnect(true);. However, I would like to redirect the user to my login portal, located at http://localhost:1880/api/login.

How can I achieve this redirection from the server-side? Is there a standard way to inform the client to perform the redirection when the connection is closed or through some event?

Do you really want to disconnect the socket.io connection? Doing so means that the client can't get ANY comms without reloading the page. Indeed, I think that the client will probably try to auto-reconnect.

Instead, wouldn't it be better to control comms from Node-RED? If the client's session is closed, prevent comms getting to the client - except for something like a redirect instruction to take it to the login page - or even to simply display a login overlay on the current page which would be better since Dashboard is a single-page app. Similarly block all comms from the client except the login data.