File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Frustrated with JSP and Session timeouts Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Frustrated with JSP and Session timeouts" Watch "Frustrated with JSP and Session timeouts" New topic

Frustrated with JSP and Session timeouts

James Arendt

Joined: Mar 07, 2001
Posts: 8
I'm working with Tomcat 3.2.1 and I've gotten quite annoyed working with JSP and session timeouts under it. I have a web app that contains both JSP and servlets. Everything integrates nicely - cookies, url rewriting, etc. Problems didn't start until I tried to get session timeouts to work. I set up the web.xml file to configure timeouts. For testing purposes, I used one minute.
The problem I've run into is that I cannot make the JSP pages aware that a timeout occurred. For an example, the following code would work in a servlet:
if (session == null) {
// do some stuff like going to login page
In JSP, that'll never be null -unless- you set the following:
<%@ page session="false" %>
However, that is definitely NOT what I want to do. This results in NO session even being declared for the generated servlet. Going the route of trying to manually create a session by declaring a session object and calling the request's getSession() method doesn't help either. The ids returned are not the same so there's way of knowing what is what.
I'm at a complete loss and so are my coworkers.
Any ideas?

Joined: Apr 16, 2001
Posts: 8
Why dont you try to do session timeouts using a property in JSP
when the authentication is done, set a property value example:
private boolean grant=false;
public void setGrant(boolean temp)

public boolean getGrant()
return this.grant;
maintain the above bean program throughout the session and when you are authenticating the user you can set the propert GRANT to "true". later on in each page you can check for the boolean value of grant for that particular session and if true do the necessary procession ...later on when you want to implement logout ...just set the property to FALSE....
it has surely worked for me ... this certainly can be thought of as an alternative.Let me know if successful
James Arendt

Joined: Mar 07, 2001
Posts: 8
That's a simple enough of a workaround. I just wish there was a non-workaround way of dealing with this. This is an area where I feel JSP is inconsistent/weak.
Or, maybe I just don't know it well enough.
Phil Hanna
Ranch Hand

Joined: Apr 05, 2001
Posts: 118
Read the servlet API documentation under javax.servlet.http.HttpSessionBindingListener. All you have to do is have an object implement this interface and supply the valueBound() and valueUnbound() methods. This will cause the object to receive an event when the session times out. You can do whatever you want then.
Phil Hanna
Sun Certified Programmer for the Java 2 Platform
Author of :
JSP: The Complete Reference
Instant Java Servlets

Phil Hanna<BR>Sun Certified Programmer for the Java 2 Platform<BR>Author of :<BR><A HREF="" TARGET=_blank rel="nofollow">JSP: The Complete Reference</A><BR><A HREF="" TARGET=_blank rel="nofollow">Instant Java Servlets</A>
I agree. Here's the link:
subject: Frustrated with JSP and Session timeouts
It's not a secret anymore!