I have a requirement in our application that the user is doing a transaction on the site and in the middle he goes to another website for about to 30 mins and he returns back to our page, then this time we need to close his transaction at any moment and redirect him to home page (i.e. session invalidate and redirect to home without user interaction), this will happens only after 30 mins. This should happens if he returns to our page or not, but internally we should redirect to home automatically after 30 mins time.
the user is opened 2 windows, in one window he is using our site and he is in the middle of the transaction, suddenly he got to go another site for more than 30 mins, then he oepend another window and using, after morethan 30 mins, he opened our site, then immediately we show him home page (Ex: DCU.org site).
So you are saying that, if the user returns to your site after the session has expired, he would be redirected to the login page?
If so, that's a very common requirement.
Usually, it is satisfied by employing a servlet filter. The filter is invoked prior to every protected page, and if the session token is not in the session, a redirect to the login page takes place. Upon login, the session token is created so that users can visit the protected pages. Once the sessions expires, the token is no longer available (and can be removed upon a logout action). [ July 01, 2008: Message edited by: Bear Bibeault ]