*
The moose likes Servlets and the fly likes MVC-model 2(Session Management) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "MVC-model 2(Session Management)" Watch "MVC-model 2(Session Management)" New topic
Author

MVC-model 2(Session Management)

Gabriel Fox
Ranch Hand

Joined: Oct 17, 2001
Posts: 170

Hello Pals,please how do i :
1.set a specific idle session time-out in jakarta-Tomcat 3.2.1;
2.And send the user back to the Logon screen (A JSP requiring user name and password for authentication)i.e. prompting him to re-enter his username and password again after a set idle time.
3.Is there a way for keeping a session active for say 24hrs.
Please, code samples and references will be highly appreciated.
Thanks!!!
Tariq Dweik
Greenhorn

Joined: Aug 19, 2001
Posts: 20
hi there
1. inside the web.xml file for your web application add the following lines
<session-config>
<session-timeout>TimeInMinutes</session-timeout>
</session-config>
or inside the validating jsp put the following:
<% session.setMaxInactiveInterval(x); %> where is int and represents the value in seconds.
2. This is dependent on your authentication method, in other words how r u implementing it, is it done by tomcat realms or r u defining a tailor-made one (getting the username and password, check from the db,...,etc)
3. read (1) above
thats all
Tariq Dweik
SCJP SCWCDJ2EE


Tariq Dweik
Gabriel Fox
Ranch Hand

Joined: Oct 17, 2001
Posts: 170
Thanks Tariq Dweik , it worked using your tags in my web.xml file.
But At the moment i'm doing my Authentication via including
a jsp script with <%@include file="FileName"%> on all pages.
This checks for a valid logon via a method returning a boolean
(T/F) depending on query run with the username and password.
Questions.
1.How do i send the user back to the Log On page (prompting for username and password ), after a said max time of inactivity
within this user session.
2.Is there a way of avoiding including a JSP on all pages that secures each page against direct access (via a browser by typing in the url) by using the web.xml mapping
Thanks very much Pals. Codes will be highly appreciated.

[This message has been edited by Gabriel Fox (edited November 03, 2001).]
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

To answer 1:

If you set the session timeout for 30 minutes, and they're away from their computer 31 minutes... then when they next click a link, your servlet can check if the session is new. Something like: Or use request.getSession(false), and check if the returned session is null.

If you were meaning "have the browser automatically refresh the page to the login page if they timeout their session."

Use the meta refresh tag, and set it to the session timeout. This would kinda be freaky behaviour, I don't know of any site that does this.. but it sounds kinda cool at 3:07 am.

Gabriel Fox
Ranch Hand

Joined: Oct 17, 2001
Posts: 170
Thanks mike for your prompt reply.
But i still have a question regarding the use of isNew() below
HttpSession session = request.getSession();
if (session.isNew())
{ // redirect to login page}
else
{ // continue on...}
In my controller servlet(dispatcher) i did the following
HttpSession session=request.getSession(true);
Then ,used session.getAttribute("beanName") to check if an
object is already session scoped.If No, then i associated a few
objects to the user session using
setAttribute ("beanNamme",beanReference)
QUESTION
Where do i place the code you posted above i.e.is it in all my
JSP views OR controller servlet which already creates a new
session if found to be null.
Cheers.



[This message has been edited by Gabriel Fox (edited November 03, 2001).]
Tariq Dweik
Greenhorn

Joined: Aug 19, 2001
Posts: 20
my advice for u is to upgrade your version of tomcat to ver. 4, since it is the reference implementation for 2.3 specifications which introduced the concept of Filters, in other words , u develop your pages normaly and request will be filtered to check if the user is loged on or not
Tariq Dweik
SCJP SCWCDJ2EE
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

Gabriel... I would place it in your controlling servlet, in the doGet and/or doPost method. It doesn't really have to be in these methods, but the point is, it would be the very *first* thing you do.

The very first thing it does it check for the sesion. If it's there, then continue processing (the use is logged in). If it's missing, redirect to the login page.
Gabriel Fox
Ranch Hand

Joined: Oct 17, 2001
Posts: 170

Thanks Mike and Tariq for your speedy reply, your ideas are
absolutely valid. I will get back as soon as i add the posted
logic to my existing code.
Cheers.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: MVC-model 2(Session Management)
 
Similar Threads
User Idle Time?
Alerting the user about Session expiry after idle-time
Proper way to exit a servlet, and release the resources it is using?
Session time out with in interceptors
Session management configuaration Issue