Manage Learn to apply best practices and optimize your operations.

Domino SSO timer

This agent and JavaScript code will automatically create a pop-under window that waits x number of seconds before your SSO expiration time occurs.

View member feedback to this tip.

This agent and JavaScript code will automatically create a pop-under window that waits x number of seconds before your SSO expiration time occurs. The agent has four constants and one variable for configuring the agent. The agent constants are:

maxWait% -- An integer constant that must be set to the number of minutes to wait before a pop-up appears for the user to log in again. The value should be less than the SSO expiration time.

msgText$ -- A string constant that defines the text information that will appear in the body of the pop-under window.

titleText$ -- The string constant used to define the title of the browser's pop-under window.

fileName$ -- The string constant that defines the NSF file which contains the agent. (Include relative path information in the NSF name. For example, utilsMyNsfFile.nsf.)

popupText$ -- The string constant that defines the text which will appear in the alert message when the SSO expiration time -- maxWait% time elapses.

There is also a string variable called urlRedirect$. It contains the value "SSOTimer" as the name of the agent. Replace "SSOTimer" to the same name you gave to your agent that contains the code.

The agent should have the following settings:
When should this agent run? = Manually from agent list
Which document(s) should it act on? = Run once (@Commands may be used)

The agent will detect if it was called from a parent window. If so, focus will be returned to the parent window after the user responds to the alert message and logs onto the server again.

To call the agent and create the pop-under window, you will have to call the agent using some JavaScript code. I have Web applications that present the user with a navigator and an embedded view. Of course, the embedded view is contained in a form. That is where I added the onLoad JavaScript code.

The JavaScript code will set a cookie that has a life span of the Web session. If the cookie is not set, it assumes that the pop-under window needs to be loaded. You are not limited to using the JavaScript code in the onLoad event. Use it anywhere that makes sense as your known starting point into your Web application.

In summary, the process works as follows:

  1. User logs into Web application and triggers the agent to run in a pop-under window.

  2. The pop-under window waits for the specified period of time and then alerts the user with a user defined message.

  3. User logs in with user name and password again (refreshingSSO expiration time).

  4. Focus is returned to the parent window.

LotusScript Code:

Sub Initialize
 Const maxWait% = 1
 Const msgText$ = "Single Sign-On 
Timer - Waits five minutes before the 
session times out and pop-ups up to 
ask user to sign in again to prevent 
losing any information."
 Const titleText$ = "Domino Password 
 Const fileName$ = "YourNotesDB.nsf" 
 Const popupText$ = "Your password 
will expire in five minutes. Press 
OK to enter your user name and 
password again." 
 Dim urlRedirect As String
 urlRedirect$ = fileName$  +
 "/?logout&redirectTo=" + fileName$ 
+ "/SSOTimer?openagent"
 Print "<head>"
 Print |<META HTTP-EQUIV='Refresh'
 CONTENT='| + Trim(Cstr( maxWait% 
* 60 ) ) + |; URL=| + urlRedirect$ +
 Print "<TITLE>" + titleText$ + 
 Print |<BODY TEXT="000000" 
 if (document.all) {
 Print "else if 
(document.layers||document.getElementById) {"
 Print "if 
 Print |top.window.outerHeight = 
top.window.outerWidth = 
screen.availWidth; } }
var curDate = new Date();
alert( curDate + ": | + popupText$ + |");|
 Print |" onLoad="top.window.moveTo(0,0);
 if (document.all) {
 Print "else if (document.
layers||document.getElementById) {"
 Print "if 
 Print |top.window.outerHeight = 0;
top.window.outerWidth = 300;
 if ( opener ) {
}">| _
+ msgText$ + "</body>"
End Sub

JavaScript Code:


function getPath() {
var curURL = "" + window.location;
var pos = curURL.indexOf(".nsf");
 //find the position var path = "";

if ( pos != -1 ) {
 path =  curURL.substring(0, pos) +
 ".nsf"; } else {
 var URLInfo = curURL.split( "/" );
 path = URLInfo[0] + "//" + URLInfo[2] + "/" + 

return path;


function setCookie(name, value, expires, 
path, domain, secure)
    document.cookie= name + "=" + 
escape(value) +
        ((expires) ? "; expires=" + 
expires.toGMTString() : "") +
        ((path) ? "; path=" + path : "") +
        ((domain) ? "; domain=" + domain : "") +
        ((secure) ? "; secure" : "");


function getCookie(name)
    var dc = document.cookie;
    var prefix = name + "=";
    var begin = dc.indexOf("; " + prefix);
    if (begin == -1)
        begin = dc.indexOf(prefix);
        if (begin != 0) return null;
        begin += 2;
    var end = document.cookie.indexOf
(";", begin);
    if (end == -1)
        end = dc.length;
    return unescape(dc.substring(begin 
+ prefix.length, end));


This code can be improved to check if 
the window is already opened and not 
recreate the window. This may be 
needed if a user closes the calling 
browser window, leaves the timer open, 
and then starts a noted Web session that 
attempts to open the timer window again.

if ( getCookie( "ssoTimer" ) == null ) {
 setCookie( "ssoTimer", "Y" );
 var agentName = "SSOTimer/?openagent";        
 var dbName = getPath();
 ssoWin = + "/" + 
agentName , "ssotimer", "width=700,height=
450,status=no, resizeable=yes, 
scrollbars=yes, menubar=no"); 


I tried this tip last fall, but didn't like the pop-up window being launched at the same time the user logs in. By the time the window is actually needed, many users would have closed the background pop-up window. It's not the normal way timers work on web-sites, so you would have to train your users and some would complain that it should work the way every other site works.

I personally think Lotus should build an inactivity timer into the Domino web server and it should work regardless of whether or not SSO is turned on. I don't understand why this wasn't available several years ago.

Speaking of SSO, we used it for a short while, but decided to turn it off when we realized we couldn't use an IP address to get to the server with this feature on. Occasionally, someone who is traveling will have DNS problems and being able to use an IP address as opposed to a fully qualified host name is an essential back door to get to webmail.

—Stan E.


This is something I have been seeking for a while. Will this run in R5? May I please have a sample database with this code contained in it?

—David B.


Yes, the code will work on R5. I intentionally made the functionality work with an agent, so you would not have to worry about extra steps to implement what the agent does.

For example, you would have to make a form that would require code in the JavaScript Header and HTML Content areas. You would also have to place static text or pass parameters with Query_String or utilize a @DbLookup to get the title, pop-up and message that would appear to the user in the pop-under window (not to mention SaveOptions to prevent saving the document, etc). The agent method is easier to manage by setting the constants. (It is not a real Domino form so no accidental saves will occur to the NSF file.)

—Dennis Potts, tip author

Addendum -- tip author Dennis Potts e-mailed us on May 6 with this message: The pop-under window does not close if the parent window is closed. If a pop-under window is left open and becomes an orphan when the parent closes, a premature pop-up alert will still move to the background, but it is a little confusing to users to see the alert as soon as they log onto a new parent window.

Dennis has submited an update that will close the pop-under window when the parent is closed. Click here to view that update.

Do you have comments on this tip? Let us know.

This tip was submitted to the tip exchange by member Dennis M. Potts Jr. Please let others know how useful it is via the rating scale below. Do you have a useful Notes/Domino tip or code to share? Submit it to our monthly tip contest and you could win a prize and a spot in our Hall of Fame.

Dig Deeper on Lotus Notes Domino Agents

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.




  • iSeries tutorials's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...