wood burning stoves 2.0*
The moose likes Servlets and the fly likes Redirect after session timeout Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Redirect after session timeout" Watch "Redirect after session timeout" New topic
Author

Redirect after session timeout

Kris Philippaerts
Greenhorn

Joined: Oct 19, 2001
Posts: 25
Hi!

I set up my web application with these login settings:


<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error/login_error.jsp</form-error-page>
</form-login-config>
</login-config>


When my session times out, the user is asked to log in again. But this often happens when the session contains information to build up the JSP. So, when I log in again, I get JSP exceptions (NoBeanSpecified, etc.), since this session information is lost. So it would be more suitable to show a message like: 'please close all pop-up windows and login again'. But I can't seem to configure this in my web.xml.

Is there a simple solution for this problem?

Thanks a lot!

Kris
Nathaniel Stoddard
Ranch Hand

Joined: May 29, 2003
Posts: 1258
I think this sort of thing would require a mixture of JSP and JavaScript solutions. The problem is that sessions are server-side, while any type of notification to the client would have to be client-side. You could render some JavaScript in every JSP that you send out. Put in a function that pops up something (or does whatever) after a certain number of seconds. You can get the information needed about timeout times from the session while you're constructing the JSP on the server. That would probably work (roughly, at least).

You definitely couldn't arbitrarily render another page when the session times out because the client isn't making another request. You could also create a filter that checks to make sure the user is signed in--if they aren't, they are instead redirected to a login page, or some other page.

So, I guess there are a couple solutions.


Nathaniel Stodard<br />SCJP, SCJD, SCWCD, SCBCD, SCDJWS, ICAD, ICSD, ICED
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Redirect after session timeout
 
Similar Threads
Unauthenticated Access to a Secured Resource?
DD entries for authentication
HTTP Status 404 After Adding security-constraint To web.xml
Security Problem with my app
j_security_check - Invalid username or password message