This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Servlets and the fly likes User Idle Time? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "User Idle Time?" Watch "User Idle Time?" New topic
Author

User Idle Time?

Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
Hello,

How can I get idle time of the user using Servlet API?

Let's say,

I logged on to the appliaction by providing valid username and password but I am not doing anything keeping the application idle (I need to get this idle time).

The idle time for each user is different. if user-A is idle for 5 min invalidate his session,if User-B is idle for 30 min invalidate his session.
As long as user is doing some thing I need to extend his session.

I am assuming like..but this is wrong....

long idleTime = session.getLastAccessedTime() - session.createTime();

some thing like..

long idleTime = xxxx - session.getLastAccessedTime();

xxxx should not be current time in milliseconds because of current time and LastAccessedTime always same.

Any idea?

Many thanks,
Sirish
Mirko Bonasorte
Ranch Hand

Joined: May 14, 2007
Posts: 244
Hi,
I'm not sure about your problem, but it seems to me that the method 'HttpSession.setMaxIntervalTime(int seconds)' should fit.


SCJP<br />SCWCD 1.4 Upgrade (Remember: me stupid)<br />SCWCD 1.4<br /><a href="http://jcp.org/aboutJava/communityprocess/final/jsr220/index.html" target="_blank" rel="nofollow">SCBCD 5.0</a><br /><a href="http://www.enthuware.com" target="_blank" rel="nofollow">SCBCD 5.0 mock exam</a> <br /> <br />SCEA 5 Part1: Preparing...
Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
Hi,

Thanks for your reply!

HttpSession.setMaxIntervalTime()- this method will invalidate the session on the server. but How can i take my user back to login screen after HttpSession.setMaxIntervalTime(120) - 120 sconds??
No where we are telling/defining that after 120 idle seconds take the user back to login screen, right?

I am trying to caluculate idle time my self and i would like to call session.invalidate()?

Which is one is the better solution? Any idea?

Many thanks,
Sirish
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41592
    
  55
After that interval the session expires, so if you check for a valid session, there won't be one. In that case, redirect the user to the login page (unless he's coming from the login page, but in that case the request should contain the username and password he just entered).


Ping & DNS - my free Android networking tools app
Mirko Bonasorte
Ranch Hand

Joined: May 14, 2007
Posts: 244
Hi,
a nice idea might be to create a filter: if getSession(false) does not give you any session, you dispatch your request to a login page, for example. This way, wherever you are, you can control any access to your web application.
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Originally posted by Sirish Kumar GongalReddy:
The idle time for each user is different. if user-A is idle for 5 min invalidate his session,if User-B is idle for 30 min invalidate his session.


You cannot assign different session timeout for different users.If a property of the session itself and will be applicable for all the session objects created by that application.


Rahul Bhattacharjee
LinkedIn - Blog
Mirko Bonasorte
Ranch Hand

Joined: May 14, 2007
Posts: 244
Hi Rahul,

I don't agree with your post.
If you set the session timeout into web.xml, all sessions will have that timeout period. But if you programmatically set it, you change it for that session only.

From the APIs:

setMaxInactiveInterval

public void setMaxInactiveInterval(int interval)

Specifies the time, in seconds, between client requests before the servlet container will invalidate *this* session. A negative time indicates the session should never timeout.

Parameters:
interval - An integer specifying the number of seconds
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
I am not sure about this , as no where in the specification its specified that if the session is set using setMaxInactiveInterval() then it only for that particular session.All it says that its another way to specify session timeout other then using the web.xml.
Anupam Sinha
Ranch Hand

Joined: Apr 13, 2003
Posts: 1088
[RB]: I am not sure about this , as no where in the specification its specified that if the session is set using setMaxInactiveInterval() then it only for that particular session.

It does says that :

Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.


[EDIT]
Ohh just saw Mirko's post.
[ May 21, 2007: Message edited by: Anupam Sinha ]
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Originally posted by Anupam Sinha:

It does says that :

Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.


So its all about the word this.
Learnt an interesting thing.
Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
Hi Ulf,

Thanks for response!
-----------------------------------------------------------------------
After that interval the session expires, so if you check for a valid session, there won't be one. In that case, redirect the user to the login page (unless he's coming from the login page, but in that case the request should contain the username and password he just entered).
------------------------------------------------------------------------

I do agree with the above solution but some how it's not fitting into my requirement. What I would like to do is,

1) As long as user is performing some action I don't want kill user session. (This is the case I need to keep on extending his session interval)

2) User just logged on to the application and not doing anything just sitting idle (Server is not receving any requests from the user) for 10 min (again idle time for each user is different, If user is Admin session never expires for him) then Kill/invalidate the user session take him back to dash board.

3) Let me give you a scenario..if I logged on to https://online.lloydstsb.co.uk/customer.ibc and you are doing some action like money trasfering, profile updating......anything your session never expires if you sit idle for 10 min your session will expires.
Yes I want to implement the same

How they are managing the session?

Many thanks,
Sirish
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41592
    
  55
Sirish,
I'm not clear on where you see the problem. That's exactly what setMaxInactiveInterval does: expire the session after a set interval of inactivity, no matter how old the session is.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: User Idle Time?