File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes Session timoeout on JSP Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Session timoeout on JSP" Watch "Session timoeout on JSP" New topic
Author

Session timoeout on JSP

vk jain
Greenhorn

Joined: Oct 05, 2007
Posts: 21
Hi,

i need to handle session timeout on Jsp in my application. Currently when session is timeout and user clicks on submit button then a request is send for an JSP. Now on this JSP a new session object is created since existing one is expired. I did not want new session to be get created on JSP if older one is expired.

Any help is appreciated!!!
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

use session="false" at page directive in the particular page

Hope This Helps
Pedro Erencia
Ranch Hand

Joined: Apr 03, 2008
Posts: 70
But it will prevent that jsp to participate in any session. As i understand what is required is to not create the session on any jsp invoked after the session has timed-out. What kind of authentication mechanism are you using ?
Brij Garg
Ranch Hand

Joined: Apr 29, 2008
Posts: 234
Whenever session is timedout or becomes invalidate then if the object assocaited with the session has implemented HttpSessionBindingListener interface then this object is notified.

you can use the valueUnbound method and can set some variable in this method which you can use in your JSP.

I didnt try this solution, but i think it should work.

Thnaks
vk jain
Greenhorn

Joined: Oct 05, 2007
Posts: 21
i am using Basic authentication
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41123
    
  45
Not sure what authentication has to do with it, but you haven't stated what you actually want to achieve - that the session should not expire at all, or that -once it has expired- no new one should get created.

The former can be achieved by calling HttpSession.setMaxInactiveInterval

The latter would be very hard, if not impossible, to achieve, and doesn't make much sense to begin with (it denies the user the use of the application).

I'd also note that a new session being created once the old one has expired is standard behavior; why is it not acceptable in your case?


Ping & DNS - my free Android networking tools app
Pedro Erencia
Ranch Hand

Joined: Apr 03, 2008
Posts: 70
Maybe i'm totally wrong, but i understand the question as "when the session expires i still can access the pages ( whithout being re-authenticated )". If a resource is unprotected and it relays in some session info it can lead to problems. That's why i asked about authentication, but more precise information maybe could avoid misunderstoods.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41123
    
  45
I guess it could be read that way. It's a feature of basic authentication that the credentials are sent by the browser until the browser is shut down. In that sense, there is no connection between authentication and server session.
vk jain
Greenhorn

Joined: Oct 05, 2007
Posts: 21
I required to show session timeout page when my session is expired on a jsp page say A.jsp.

Now suppose i am on A.jsp page and my session expired and then i click submit on A.jsp. On clicking submit a new request is sent to server for a Jsp say B.jsp. Now instead of showing B.jsp page i need to show session timeout page as my session is expired.

I apply a check on B.jsp page for seesion object, if session is null then redirect to SessionTimeout.jsp page, as my understanding was that if session is expired then obtaining session using request.getSession(false) will result into null but it returns a new session object. Due to this my checks fails and i end up with B.jsp processing.
Pedro Erencia
Ranch Hand

Joined: Apr 03, 2008
Posts: 70
mmmm.. it should return null. At least that is what the specs claims. Then i'd use a filter.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session timoeout on JSP
 
Similar Threads
Session Management Problem
Session timeout in struts
detect the session attributes after the session is TimeOut?
Test for Session
When is a HttpSession object created by the Web Container