Skip to main content

Application Lock

The application implements a locking mechanism to secure access after periods of inactivity or when its state changes. When locked, the application displays a screen identical to the Login screen, requiring user authentication to proceed.

Locking can occur even when there are unfinished orders or orders with partial payments.

Configuration:

The primary setting for controlling the lock screen behavior is lock.timeout. This configuration is available in CCC under cha.settings.v1.

  • Setting a Timeout: Set lock.timeout to a specific number of seconds. After this period of inactivity, or when the app is backgrounded/minimized, the Lock screen will be displayed.
  • Disabling Idle Timeout: Setting lock.timeout to zero (0) disables the time-based auto-lock when the app is active and in the foreground. However, other locking conditions will still apply, including a default background lock.

By default, the idle time lock is disabled (equivalent to lock.timeout being set to zero).

Locking Scenarios

The application will lock under the following conditions:

  1. Idle Timeout:

    • If lock.timeout is set to a value greater than zero, the application will automatically lock after that many seconds of user inactivity.

  2. App in Background / Minimized:

    • If lock.timeout is set ( > 0 ): The application will lock after the duration specified by lock.timeout when it is moved to the background or minimized.
    • If lock.timeout is not set (or set to 0): The application will lock after a default, non-configurable period of 3 minutes when it is moved to the background or minimized.

    Important: The background/minimized locking behavior described above does not apply to SCO (Self-Checkout) devices. SCO devices will not lock when moved to the background or minimized based on these rules.

  3. App Closed:

    • The application locks immediately upon being closed. When reopened, the user must unlock it to continue.

Unlock and Session Restore

When the application locks, it securely stores a sessionId: operatorId pair. Upon unlocking:

  1. The application attempts to retrieve an active session for the operatorId who is unlocking, specifically on the same workstation.
  2. If an active session is found and has not expired, it is restored, allowing the user to continue where they left off.
  3. If the session has expired or cannot be found, a new session is created as per the standard login process.

Important: Sessions can only be restored by the same operator and on the same workstation where the session was initiated.