I have a scenario. I am running a Timer upon user login in my web app. The user can freely browse the website after logging in succesfully. However, after a particular time has been passed (which is configurable), say 20 minutes, the user should be redirected to a security question page for security purposes. The current page of the user should be vanished and the security question page should appear. Is there a neat solution for this? I am using RequestDispatcher.forward for my responses.
You could store the login time as a session variable and compare it to the current time when the user requests a page.
You can never stop people from viewing content and saving it off locally to be viewed for as long as they wish. Your best bet is to do your redirect if the user requests a new page after your specified interval.