• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Auto Session logoff

 
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Not sure if Im posting my question into correct section.

I am using WebSpheer application server for my application,with session time out set to 15 mins. I have implementd a session listener that destroy's all invalid sessions once the session has ended upon inactivity from user for more than 15 mins.
Is there any way that I can send the user directly to login screen without having him to click any link on the application to check if the session is valid/invalid.
I am not able to find any means how can I continously check for a logged in user if his session had ended and forcefully sending him to login screen upon inactivity on the application.

Please help.

Thanks
 
Ranch Hand
Posts: 45
Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Kaustubh,
Set some attribute into the session when user logs in and check it on each page.If session gets ended attribute will be null.Redirect the user to login page then.
Somethink like this
 
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


I am using WebSpheer application server for my application,with session time out set to 15 mins. I have implementd a session listener that destroy's all invalid sessions once the session has ended upon inactivity from user for more than 15 mins.


Are you talking about HTTPSessions? WebSphere should do that automatically when the session timeout value is reached. You should not have to do anything.


Is there any way that I can send the user directly to login screen without having him to click any link on the application to check if the session is valid/invalid.
I am not able to find any means how can I continously check for a logged in user if his session had ended and forcefully sending him to login screen upon inactivity on the application.


This is how container managed security should work. Can you not just use that?
 
Kaustubh Hande
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Smitesh,

But my requirement is to rediredct the user automatically to login page as his session has ended and not wait him to click any link on app.
With setting a session attribute i will have to wait till he clicks some link on the app.

Thanks
 
Kaustubh Hande
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the reply Paul,

The container does invalidate the session, but I want to keep running a process that checks if the user has been logged in fop more than the session time out value with inactivity on app and as the session ends he is redirected to login page automatically but not upon his next click in the application.

Thanks
 
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You'll need a periodic timer on the page that sends an Ajax request that does the check; if the user is logged out you can send them to the login page.

IMO that's a bad design; what if I'm looking at something on the page?

Perhaps something a little less destructive to the user experience would be better--or at least a noticeable warning before sending doom upon the hapless surfer.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic