• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Redirect to login page on session timeout

 
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
HI,

I would like to redirect to login page on session time out. I looked at HttpSessionListener but I could not find any thing which does this. I looked at some examples which says to check the session whether is it new or not in the servlet. This can be checked only when the user click a link or a button. But in my case, after some period of inactivity, it should automatically redirected to login page.

Any help is appreciated..
 
Sheriff
Posts: 22783
131
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We've had a thread about this a short while ago: https://coderanch.com/t/566179/Servlets/java/Session-time-out-notification
I quote myself from that thread:

I definitely wouldn't want a real-time session invalidation to do anything to my current browser contents. Imagine I log in, start reading a long piece of text, and after a while, while I'm still reading, all of a sudden my browser navigates to this error message page because the session is invalidated. That would be the last time I visited your site.


Still, it would be possible, by having some keep-alive timer in JavaScript that uses AJAX to query some servlet / JSP that will tell whether or not the session is invalidated. But like I said, if you'd do that you will lose a lot of users.
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Actually any Ajax solution would not work as the act of making any request resets the session timer.

As has been pointed out many times in other discussions, all you can do is guess on the client.
 
Rob Spoor
Sheriff
Posts: 22783
131
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Actually any Ajax solution would not work as the act of making any request resets the session timer.


Didn't even think about that.
 
Ranch Hand
Posts: 50
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
But doesn't the HttpSessionListener have a sessionDestroyed method. Can't you implement that one to redirect the user to the error page?

And even if you use the getSession(false) to ask if a session is Alive. Can you apply it like a filter that throws him out if it isn't.

Seeing it as a developer I would think of resource optimization but, as a user I would get annoyed. Unless is an 20 minutes exam or some limited time poll.
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Victor M. Pereira wrote:But doesn't the HttpSessionListener have a sessionDestroyed method. Can't you implement that one to redirect the user to the error page?


How? There's no request and no response. How are you going to get a connection to the user's system? How do you know that they aren't watching YouTube videos of the Cinnamon Challenge? Or breaking up with their girlfriend or boyfriend on Facebook?
 
Ranch Hand
Posts: 541
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Victor M. Pereira wrote:But doesn't the HttpSessionListener have a sessionDestroyed method. Can't you implement that one to redirect the user to the error page?


ok, so you know session has expired, now what? There is no way to *contact* that user back(unless you want to get the phone number and call them ;-)) HTTP is stateless protocol.

Most people uses Javascript for redirecting to login page. That is also not 100% full-proof solution, as it won't work if website is open across multiple browser tabs.
 
Victor M. Pereira
Ranch Hand
Posts: 50
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Nope, your right the only way would be having filter and check if your session isAlive and then sending the correct page depending on the answer.

And the javascript would only work if it's multiple tabs on the same browser. Since the jsession would be the same for all tabs. However as Bear Bibeault pointed out
the ajax would reset the session timer. And just setting the timeout weather its active or not, is unacceptable.
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Victor M. Pereira wrote:Nope, your right the only way would be having filter and check if your session isAlive and then sending the correct page depending on the answer.


Check for the session "aliveness" is folly. There could very well be another session that has nothing to do with the first. Rather, check for an object that you placed in the session.
reply
    Bookmark Topic Watch Topic
  • New Topic