Implementing session timeouts in a windows application developed using VB6.
Posted on 2005-03-15
I am maintaining a very complex financial application that was developed using Visual Basic 6.0 and Oracle. The application contains very confidential data and must be very secure. One of the security requirements of our new client is that when a person does not use this application (not the computer) for more than a specific timeperiod (say 10 minutes), the application should verify the user by asking the password again.
Note that users may still be at the computer doing other things such as checking mails or using spreadsheets. Hence, using a screensaver is ruled out - the check has to be inside the application itself.
The application has a very rich UI and uses a variety of third-party controls for grids, list views etc.
What I need is a central way to handle all events in the application without actually having to make changes to each individuval event handler as this will amount to an enormous effort in development and testing because the application has a lot of screens.
I am open to using a hook developed using C++ or any other way of intercepting the event messages even before the event handler is called. This central place could use a variable that holds the next timeout. every call will add 20 minutes to this. When the timer goes off, the session timesout and the next access to the application can trigger user verification process. However, I dont know how this could be implemented for an application developed using Visual Basic 6.0.