I have a web app which uses form based authentication.
I have a (collection) maintained in the session .
The page in question has a button which fetches the collection already set in the session & displays to the user. This works fine normally.
But suppose the user is on the current page & is inactive for a long time & in the midst the session time out happens. Now the user clicks on the button he gets a login page because of session timeout. The user enters his credentials & the app server directs him to the same page which lists the collection but since the session has time out the collection no longer exists in the session. On this login the app server does not direct him to the normal route which we have defined but it just tries to complete the request requested by the user & prompts a login page to handle session timeout
If you want the Collection to last longer than the session you will have to provide for it specifically - for example by serializing the collection and saving it in a database or file with the key or filename based somehow on the user's identity. If you make the collection part of a data holding class that implements HttpSessionBindingListener you can use the valueUnbound method to save the contents. Bill