This week's book giveaway is in the Design forum.
We're giving away four copies of Design for the Mind and have Victor S. Yocco on-line!
See this thread for details.
Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

User Idle Time?

 
Sirish Kumar Gongal Reddy
Ranch Hand
Posts: 109
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

How can I get idle time of the user using Servlet API?

Let's say,

I logged on to the appliaction by providing valid username and password but I am not doing anything keeping the application idle (I need to get this idle time).

The idle time for each user is different. if user-A is idle for 5 min invalidate his session,if User-B is idle for 30 min invalidate his session.
As long as user is doing some thing I need to extend his session.

I am assuming like..but this is wrong....

long idleTime = session.getLastAccessedTime() - session.createTime();

some thing like..

long idleTime = xxxx - session.getLastAccessedTime();

xxxx should not be current time in milliseconds because of current time and LastAccessedTime always same.

Any idea?

Many thanks,
Sirish
 
Mirko Bonasorte
Ranch Hand
Posts: 244
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I'm not sure about your problem, but it seems to me that the method 'HttpSession.setMaxIntervalTime(int seconds)' should fit.
 
Sirish Kumar Gongal Reddy
Ranch Hand
Posts: 109
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Thanks for your reply!

HttpSession.setMaxIntervalTime()- this method will invalidate the session on the server. but How can i take my user back to login screen after HttpSession.setMaxIntervalTime(120) - 120 sconds??
No where we are telling/defining that after 120 idle seconds take the user back to login screen, right?

I am trying to caluculate idle time my self and i would like to call session.invalidate()?

Which is one is the better solution? Any idea?

Many thanks,
Sirish
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
After that interval the session expires, so if you check for a valid session, there won't be one. In that case, redirect the user to the login page (unless he's coming from the login page, but in that case the request should contain the username and password he just entered).
 
Mirko Bonasorte
Ranch Hand
Posts: 244
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
a nice idea might be to create a filter: if getSession(false) does not give you any session, you dispatch your request to a login page, for example. This way, wherever you are, you can control any access to your web application.
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Sirish Kumar GongalReddy:
The idle time for each user is different. if user-A is idle for 5 min invalidate his session,if User-B is idle for 30 min invalidate his session.


You cannot assign different session timeout for different users.If a property of the session itself and will be applicable for all the session objects created by that application.
 
Mirko Bonasorte
Ranch Hand
Posts: 244
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Rahul,

I don't agree with your post.
If you set the session timeout into web.xml, all sessions will have that timeout period. But if you programmatically set it, you change it for that session only.

From the APIs:

setMaxInactiveInterval

public void setMaxInactiveInterval(int interval)

Specifies the time, in seconds, between client requests before the servlet container will invalidate *this* session. A negative time indicates the session should never timeout.

Parameters:
interval - An integer specifying the number of seconds
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am not sure about this , as no where in the specification its specified that if the session is set using setMaxInactiveInterval() then it only for that particular session.All it says that its another way to specify session timeout other then using the web.xml.
 
Anupam Sinha
Ranch Hand
Posts: 1090
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
[RB]: I am not sure about this , as no where in the specification its specified that if the session is set using setMaxInactiveInterval() then it only for that particular session.

It does says that :

Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.


[EDIT]
Ohh just saw Mirko's post.
[ May 21, 2007: Message edited by: Anupam Sinha ]
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Anupam Sinha:

It does says that :

Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.


So its all about the word this.
Learnt an interesting thing.
 
Sirish Kumar Gongal Reddy
Ranch Hand
Posts: 109
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ulf,

Thanks for response!
-----------------------------------------------------------------------
After that interval the session expires, so if you check for a valid session, there won't be one. In that case, redirect the user to the login page (unless he's coming from the login page, but in that case the request should contain the username and password he just entered).
------------------------------------------------------------------------

I do agree with the above solution but some how it's not fitting into my requirement. What I would like to do is,

1) As long as user is performing some action I don't want kill user session. (This is the case I need to keep on extending his session interval)

2) User just logged on to the application and not doing anything just sitting idle (Server is not receving any requests from the user) for 10 min (again idle time for each user is different, If user is Admin session never expires for him) then Kill/invalidate the user session take him back to dash board.

3) Let me give you a scenario..if I logged on to https://online.lloydstsb.co.uk/customer.ibc and you are doing some action like money trasfering, profile updating......anything your session never expires if you sit idle for 10 min your session will expires.
Yes I want to implement the same

How they are managing the session?

Many thanks,
Sirish
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sirish,
I'm not clear on where you see the problem. That's exactly what setMaxInactiveInterval does: expire the session after a set interval of inactivity, no matter how old the session is.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic