Handling Session TimeOut

In my application i am maintaining session for all the users. I check for the session timeout using request.getSession(false). But even after the time specified in web.xml is crossed it gives request.getSession(false) is not returning null.
I have gone through other posts regarding this. still i am not sure how exactly to do it.

I dont have much idea on session listeners. Can someone help me with some tutorilas for that. Thank U.

Right now i have i have planned to achieve it by using last accessed time.

i will compare currenttime - last accessed time > timeout then invalidate session and redirect to login page. Is this correct way to do it.

If the session object is available for me even after the set timeout when will the container invalidate the session? please help me on this.

regards,
Surendar Prabu.

Hi,

Yes you are right I did the samething, but my case I have the session-time out time in the database.

long sessionExpiryTime = session.getCreatedTime() + <<web.xml>> time

if(session.getLastAccessedTime() >= sessionExpiryTime){
session.invalidate();
//redirect the user to login page.
}

Hope it will help!

-Sirish

I have got it from one of the Ben Southers post in some other thread. Check an attribute in the session which will be always available. If it returns a null, then invalidate the session.

Still my doubt is after the session times out and if the user simply closes the browser with out logging out, is there any way the session will be invalidated after timeout?

If this can be done by Session Listeners, please suggest me some tutorials for how to implement session Listener

regards,
Surendar Prabu

Hi,

Once you session is time out the server will remove the session. (This task will be done at server end)

Once session is invalidated by server you no need to do the same task again at your end just you need to make sure by doing some thing like sessoin.isNew().

Your session will be expired by the following wasy,

1) close the browser (Your session will be closed)

2) setMaxInactiveInterval(seconds);

3) session.invalidate();

Your case server is doing for you so you no need to close the user session again.
if user is closing brower him self is nothing but he closed his session. so you no need to bother about his session again. He closed that.

Cheers!
Sirish

Hi,

In my case, before invalidating the session i have to update that status in database.
If user clicks logout means i can do that.

But with session expiry time(means with web.xml session-timeout), how can i do that?

Can any one help me Please urgent.

Thanks,
Hyndavi.

SessionListeners will do exactly what you want.
http://jhttp://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpSessionListener.htmlava.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpSessionListener.html

There are plenty of examples on the web.
A quick Google search should get you all you need:
http://www.google.com/search?hl=en&q=HTTPSESSIONLISTENER+EXAMPLE&btnG=Search