GeeCON Prague 2014*
The moose likes Servlets and the fly likes Redirect after session timeout Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Servlets
Bookmark "Redirect after session timeout" Watch "Redirect after session timeout" New topic
Author

Redirect after session timeout

Kris Philippaerts
Greenhorn

Joined: Oct 19, 2001
Posts: 25
Hi!

I set up my web application with these login settings:


<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error/login_error.jsp</form-error-page>
</form-login-config>
</login-config>


When my session times out, the user is asked to log in again. But this often happens when the session contains information to build up the JSP. So, when I log in again, I get JSP exceptions (NoBeanSpecified, etc.), since this session information is lost. So it would be more suitable to show a message like: 'please close all pop-up windows and login again'. But I can't seem to configure this in my web.xml.

Is there a simple solution for this problem?

Thanks a lot!

Kris
Nathaniel Stoddard
Ranch Hand

Joined: May 29, 2003
Posts: 1258
I think this sort of thing would require a mixture of JSP and JavaScript solutions. The problem is that sessions are server-side, while any type of notification to the client would have to be client-side. You could render some JavaScript in every JSP that you send out. Put in a function that pops up something (or does whatever) after a certain number of seconds. You can get the information needed about timeout times from the session while you're constructing the JSP on the server. That would probably work (roughly, at least).

You definitely couldn't arbitrarily render another page when the session times out because the client isn't making another request. You could also create a filter that checks to make sure the user is signed in--if they aren't, they are instead redirected to a login page, or some other page.

So, I guess there are a couple solutions.


Nathaniel Stodard<br />SCJP, SCJD, SCWCD, SCBCD, SCDJWS, ICAD, ICSD, ICED
 
GeeCON Prague 2014
 
subject: Redirect after session timeout