Guides

iFrame activity detection capability

Suggest Edits

🧭 Activity Detection – postMessage Integration

🔄 Purpose

To help the host application detect user activity within an embedded Worklio iFrame and manage session timeouts accordingly.

📡 Behavior

The embedded Worklio iFrame sends an activity signal to the parent window using:

window.parent.postMessage("activity", "*");
  • Triggered on: mouse movement or keyboard input inside the iFrame.
  • ⏱️ Rate-limited: emitted no more than once per minute, even during continuous interaction.

🛠️ Host App Integration

To capture and validate activity messages securely:

// Replace with the actual URL of the embedded iFrame
var url = "https://api.worklio.com/DispatcherICU?...";
var origin = new URL(url).origin;

window.addEventListener("message", function (e) {
    if (e.origin !== origin) return;

    if (e.data === "activity") {
        // Reset host timeout or mark session as active
        console.log("User is active in iFrame");
    }
});

✅ Why Origin Check Is Important

Using window.parent.postMessage("activity", "*") allows cross-origin messages.
To prevent spoofed messages from other sources, always validate the origin before processing the message.

📝 Notes

  • You can store the iFrame url dynamically if the session link is generated at runtime.
  • Adjust session timeout or activity tracking logic based on your app’s UX and security needs.

Updated 10 days ago