Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes Servlets and the fly likes Handling Session TimeOut Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Handling Session TimeOut" Watch "Handling Session TimeOut" New topic
Author

Handling Session TimeOut

surendar prabu
Ranch Hand

Joined: Jul 24, 2006
Posts: 102
In my application i am maintaining session for all the users. I check for the session timeout using request.getSession(false). But even after the time specified in web.xml is crossed it gives request.getSession(false) is not returning null.
I have gone through other posts regarding this. still i am not sure how exactly to do it.

I dont have much idea on session listeners. Can someone help me with some tutorilas for that. Thank U.

Right now i have i have planned to achieve it by using last accessed time.

i will compare currenttime - last accessed time > timeout then invalidate session and redirect to login page. Is this correct way to do it.

If the session object is available for me even after the set timeout when will the container invalidate the session? please help me on this.

regards,
Surendar Prabu.


SCJP 1.4
Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
Hi,

Yes you are right I did the samething, but my case I have the session-time out time in the database.

long sessionExpiryTime = session.getCreatedTime() + <<web.xml>> time

if(session.getLastAccessedTime() >= sessionExpiryTime){
session.invalidate();
//redirect the user to login page.
}

Hope it will help!

-Sirish
surendar prabu
Ranch Hand

Joined: Jul 24, 2006
Posts: 102
I have got it from one of the Ben Southers post in some other thread. Check an attribute in the session which will be always available. If it returns a null, then invalidate the session.

Still my doubt is after the session times out and if the user simply closes the browser with out logging out, is there any way the session will be invalidated after timeout?

If this can be done by Session Listeners, please suggest me some tutorials for how to implement session Listener

regards,
Surendar Prabu
Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
Hi,

Once you session is time out the server will remove the session. (This task will be done at server end)

Once session is invalidated by server you no need to do the same task again at your end just you need to make sure by doing some thing like sessoin.isNew().

Your session will be expired by the following wasy,

1) close the browser (Your session will be closed)

2) setMaxInactiveInterval(seconds);

3) session.invalidate();

Your case server is doing for you so you no need to close the user session again.
if user is closing brower him self is nothing but he closed his session. so you no need to bother about his session again. He closed that.

Cheers!
Sirish
Hyndavi Padamata
Greenhorn

Joined: Apr 19, 2007
Posts: 12
Hi,

In my case, before invalidating the session i have to update that status in database.
If user clicks logout means i can do that.

But with session expiry time(means with web.xml session-timeout), how can i do that?

Can any one help me Please urgent.

Thanks,
Hyndavi.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

SessionListeners will do exactly what you want.
http://jhttp://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpSessionListener.htmlava.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpSessionListener.html

There are plenty of examples on the web.
A quick Google search should get you all you need:
http://www.google.com/search?hl=en&q=HTTPSESSIONLISTENER+EXAMPLE&btnG=Search


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Handling Session TimeOut