This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes session is not invalidating Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "session is not invalidating" Watch "session is not invalidating" New topic
Author

session is not invalidating

harish pathak
Ranch Hand

Joined: Dec 17, 2005
Posts: 51
Hi all,

I have made the following configuration in web.xml file but it is not invalidating the session. Or session is not timed out as after 5 minutes if I refresh the page.

<session-config>
<session-timeout>5</session-timeout>
</session-config>

please help.

Also what I want that after session is timed out I want to redirect to login page if possible. Is there any way to do this .........

But How to do this ?


Thanks

Amitindia
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026
try restarting tomcat.


Servlet Spec 2.4/ Jsp Spec 2.0/ JSTL Spec 1.1 - JSTL Tag Documentation
harish pathak
Ranch Hand

Joined: Dec 17, 2005
Posts: 51
thanks for your reply.

But after restarting the tomcat it is not redirecting to any page.

Thanks
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

How do you know the session is not invalidating?


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Kartik Patel
Ranch Hand

Joined: Sep 12, 2005
Posts: 73
write session.jsp

<% session.getsession(false);
if(session==null)
response.sendRedirect("\login.jsp");
%>

Add this JSP in all your jsp pages by writing following
<%@include page="session.jsp"%>

So next time if u refresh your jsp after 5 minutes and if your session has expired it will automatically redirect you to login.jsp


Chop your own wood, and it will warm you twice. - Henry Ford
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by Kartik Patel:

<% session.getsession(false);

Kartik,
Did you mean request.getSession(false)?

I'm still waiting for the original poster to let me know how he knows that the session isn't invalidating.
Manoj Kumkumath
Ranch Hand

Joined: Dec 01, 2005
Posts: 71
Thought I will add one more way to invalidate session.

We can set MaxInactiveInterval in HttpSession object using the method setMaxInactiveInterval.

Having said that, I am wondering what is the best way to do this?

Please share if anyone knows what's the difference?
Following are some assumptions I made. Correct me if I am wrong.
1. HttpSession.setMaxInactiveInterval overrides the entry in web.xml
2. web.xml is configurable???
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026

Following are some assumptions I made. Correct me if I am wrong.
1. HttpSession.setMaxInactiveInterval overrides the entry in web.xml


Yes you are correct.


2. web.xml is configurable???


You can configure session time in web.xml with



The difference is you specify session duration in minutes in web.xml whereas in setMaxInactiveInterval() you specify session duration in seconds
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: session is not invalidating
 
Similar Threads
session timeout not working
need help with session time our
Help abt session timeout ?
Session timeout not working
session timeout