• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to Re-Authenticate an user to an active session

 
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi frns,

Following is my existing flow.

Initially the user logs in with valid usename and password. He will do some transactions in the application. Meanwhile if he is idle for more than 15 minutes, the current session will be lost and then if he wants to continue with the application he will be forcefully sent to the login page to get authenticated once again.Now we have to start the transaction freshly.

Following is my new requirement.

While doing some transaction,If the user is idle for more than 15 mins,one authentication jsp page should be displayed on the current screen asking the user to enter usename and password once aagain. If the authentication is succeeded then he should get back to the same screen previously he is doing transaction and allow the user to continue the transaction.

Here two scenarios should be considered.
1) The Re-Authentication screen should be displayed on the top of the screen in which he is idle for more than 15 mins.
2) If the Re-Authentication succeeds, then user should be allowed to continue the transaction in which he is idle previously.

Please help me in this regard. Very urgent...


Thanks,
Srinivas.
[ December 05, 2006: Message edited by: Srinivasarao Borra ]
 
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I guess this would need quite a lot of changes.I do not know much about your framework ,but most of the web applications depend a lot on session to store data for particular user session.

once your session is gone , it would not be possible to get back the data stored in the session.
Here is something that might help you.

+ Put a sessionListner.
+ As soon as the session expires you can make a backup of the datastructures which are there in the session against the session ID of the sesinon that is going to expire.Can use ServletContext as the common repository.

<===== 15 minutes after [session expires]========>

+ You get a request from the client , Bang! session expired , now
check your backup with the sessionID of the session as key.You will get the backup of the datastructure that you have stored(against the expired sessionID).

+ Create a new session ,put the recovered datastructue in that and ask the user to login again.(The login process would have to be changed a bit,session would be created before the user is asked for his credentials.If login success then continue with the session or else destroy).

Now , there is one more challange , after restoring the data in the session , how will you carry on with the folw ? For this you have to modify frontcontroller (if your application has one) or something else you have to do accroding to your application.

Hope this helps,
 
reply
    Bookmark Topic Watch Topic
  • New Topic