• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Session timoeout on JSP

 
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

i need to handle session timeout on Jsp in my application. Currently when session is timeout and user clicks on submit button then a request is send for an JSP. Now on this JSP a new session object is created since existing one is expired. I did not want new session to be get created on JSP if older one is expired.

Any help is appreciated!!!
 
Ranch Hand
Posts: 5575
Eclipse IDE Windows XP Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
use session="false" at page directive in the particular page

Hope This Helps
 
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
But it will prevent that jsp to participate in any session. As i understand what is required is to not create the session on any jsp invoked after the session has timed-out. What kind of authentication mechanism are you using ?
 
Ranch Hand
Posts: 234
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Whenever session is timedout or becomes invalidate then if the object assocaited with the session has implemented HttpSessionBindingListener interface then this object is notified.

you can use the valueUnbound method and can set some variable in this method which you can use in your JSP.

I didnt try this solution, but i think it should work.

Thnaks
 
vk jain
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i am using Basic authentication
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Not sure what authentication has to do with it, but you haven't stated what you actually want to achieve - that the session should not expire at all, or that -once it has expired- no new one should get created.

The former can be achieved by calling HttpSession.setMaxInactiveInterval

The latter would be very hard, if not impossible, to achieve, and doesn't make much sense to begin with (it denies the user the use of the application).

I'd also note that a new session being created once the old one has expired is standard behavior; why is it not acceptable in your case?
 
Pedro Erencia
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Maybe i'm totally wrong, but i understand the question as "when the session expires i still can access the pages ( whithout being re-authenticated )". If a resource is unprotected and it relays in some session info it can lead to problems. That's why i asked about authentication, but more precise information maybe could avoid misunderstoods.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I guess it could be read that way. It's a feature of basic authentication that the credentials are sent by the browser until the browser is shut down. In that sense, there is no connection between authentication and server session.
 
vk jain
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I required to show session timeout page when my session is expired on a jsp page say A.jsp.

Now suppose i am on A.jsp page and my session expired and then i click submit on A.jsp. On clicking submit a new request is sent to server for a Jsp say B.jsp. Now instead of showing B.jsp page i need to show session timeout page as my session is expired.

I apply a check on B.jsp page for seesion object, if session is null then redirect to SessionTimeout.jsp page, as my understanding was that if session is expired then obtaining session using request.getSession(false) will result into null but it returns a new session object. Due to this my checks fails and i end up with B.jsp processing.
 
Pedro Erencia
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
mmmm.. it should return null. At least that is what the specs claims. Then i'd use a filter.
 
You'll never get away with this you overconfident blob! The most you will ever get is this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic