File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session timoeout on JSP

 
vk jain
Greenhorn
Posts: 21
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

i need to handle session timeout on Jsp in my application. Currently when session is timeout and user clicks on submit button then a request is send for an JSP. Now on this JSP a new session object is created since existing one is expired. I did not want new session to be get created on JSP if older one is expired.

Any help is appreciated!!!
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
use session="false" at page directive in the particular page

Hope This Helps
 
Pedro Erencia
Ranch Hand
Posts: 70
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But it will prevent that jsp to participate in any session. As i understand what is required is to not create the session on any jsp invoked after the session has timed-out. What kind of authentication mechanism are you using ?
 
Brij Garg
Ranch Hand
Posts: 234
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Whenever session is timedout or becomes invalidate then if the object assocaited with the session has implemented HttpSessionBindingListener interface then this object is notified.

you can use the valueUnbound method and can set some variable in this method which you can use in your JSP.

I didnt try this solution, but i think it should work.

Thnaks
 
vk jain
Greenhorn
Posts: 21
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i am using Basic authentication
 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not sure what authentication has to do with it, but you haven't stated what you actually want to achieve - that the session should not expire at all, or that -once it has expired- no new one should get created.

The former can be achieved by calling HttpSession.setMaxInactiveInterval

The latter would be very hard, if not impossible, to achieve, and doesn't make much sense to begin with (it denies the user the use of the application).

I'd also note that a new session being created once the old one has expired is standard behavior; why is it not acceptable in your case?
 
Pedro Erencia
Ranch Hand
Posts: 70
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Maybe i'm totally wrong, but i understand the question as "when the session expires i still can access the pages ( whithout being re-authenticated )". If a resource is unprotected and it relays in some session info it can lead to problems. That's why i asked about authentication, but more precise information maybe could avoid misunderstoods.
 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I guess it could be read that way. It's a feature of basic authentication that the credentials are sent by the browser until the browser is shut down. In that sense, there is no connection between authentication and server session.
 
vk jain
Greenhorn
Posts: 21
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I required to show session timeout page when my session is expired on a jsp page say A.jsp.

Now suppose i am on A.jsp page and my session expired and then i click submit on A.jsp. On clicking submit a new request is sent to server for a Jsp say B.jsp. Now instead of showing B.jsp page i need to show session timeout page as my session is expired.

I apply a check on B.jsp page for seesion object, if session is null then redirect to SessionTimeout.jsp page, as my understanding was that if session is expired then obtaining session using request.getSession(false) will result into null but it returns a new session object. Due to this my checks fails and i end up with B.jsp processing.
 
Pedro Erencia
Ranch Hand
Posts: 70
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
mmmm.. it should return null. At least that is what the specs claims. Then i'd use a filter.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic