Canvas User Session Management

June 8, 2017 Appirio

By: Dharmesh Patel

We depend on integrations to provide rich functionality to our users who would normally be required to interact with multiple applications. While there are many different types of useful integrations, let’s instead focus on Force.com Canvas integration. Canvas allows external web applications to communicate seamlessly with the Force.com platform. It provides a mechanism to expand your Salesforce capabilities without having to switch between web applications.

A few benefits of using Canvas:

  • The Force.com Canvas SDK includes lightweight JavaScript libraries that enable your application to authenticate and exchange data without cross-domain network issues. These JavaScript libraries also provide simple hooks into the Salesforce REST and Chatter API.
  • Since you are surfacing your existing web application inside of Salesforce, you avoid the additional effort of redesigning your application – enabling a much quicker integration.
  • Canvas allows you to authenticate your users using OAuth 2.0 or a signed request, eliminating the need for users to authenticate to multiple applications.
  • Canvas enables you to control what Salesforce data and functionality users of the hosted application can access.
  • Installation and management of the application is handled by the system administrator.

While setting up a Canvas app is a straightforward configuration process in Salesforce, it does require proper planning. Here are few areas to consider:

Q: What security access method can your application support?

A: OAuth vs Signed Request, recommend using Signed Request because it doesn’t require additional coding

Q: Where will you surface your hosted application in Salesforce?

A: Options include Chatter, Sales & Service Consoles, Standard Page Layouts, Mobile Cards, Visualforce Pages, Lighting Components.

Q: What data exchange method should you use?

A: Consider using JavaScript for lightweight data sync and native REST API for large data volume.

Q: UI/UX- Horizontal and vertical real estate, responsive design, multiple scrollbars?

A: First, create the UI framework which can help define canvas app width and height.

Q: Which Canvas app entitlements do you recommend?

A: Recommend using Permission Sets, which are easy to deploy.

Lets consider User Session Management (USM) in more detail — specifically, how to keep the Salesforce session and Canvas app session in synch. USM is essential for users to avoid being logged out of Salesforce or the Canvas App, due to inactivity. This causes both user experience (UX) issues. And more importantly, can lead to loss of data. USM issues occur when a user spends a considerable time inside of your Canvas application, while the Salesforce user session they’re using remains idle and times out, due to inactivity. Or you have a valid Canvas App session, but when it tries to communicate with Salesforce, the session is expired, and the user is then redirected to the login page.  

To resolve this USM issue, I recommend that the Canvas app track the Salesforce session timeout period when the Canvas app is initiated. This app will then call the Salesforce refreshSignedRequest() method before the Salesforce session timeout is reached. This approach works without disrupting the end user’s session, and doesn’t cause a page reload. Click here for more details (including code samples) on using the refreshSignedRequest() method.

I hope this blog has provided thoughts on Canvas User Session Management. For more information on Force.com Canvas, we highly recommend reading this Canvas Developer Guide.

Previous Article
How To Sort Date And Date/Time Columns in Data Tables
How To Sort Date And Date/Time Columns in Data Tables

By: Munib Rehman Problem Definition Data tables internally sort the dates for specific formats only, but we...

Next Article
Publisher Actions — Object Specific Actions
Publisher Actions — Object Specific Actions

By Vikas Menon Publisher Actions let you create standard or custom actions (e.g., create a record) and plac...