The purpose is really when a session timeout, I want to auto-logout (got that working) THEN redirect to say login page automatically without user clicking anything.
by the way I'm using a regular java class implementing the HttpSessionListener interface, with sessionDestroyed() method taking HttpSessionEvent as parm. So technically I'm not using or have access to HttpServletResponse or its sendRedirect() method.
Yet if I did have access to HttpServletResponse (say make it into a servlet by extending HttpServlet) then ... tried that too but got a "java.lang.IllegalStateException: ServletConfig has not been initialized " exception. I did
Any idea on how to initialize the ServletConfig? [ June 19, 2008: Message edited by: K. Tsang ]
Joined: Oct 13, 2005
No, I don't know, sorry. I shall try moving you to the Servlets forum; you might have a better chance of an answer there.
Originally posted by Bear Bibeault: To redirect, you would use response.sendRedirect().
Yes but I DON'T have a HttpServletResponse instance. From my previous posts if I extend the HttpServlet class (make it into a servlet), I still need an instance of HttpServletRespose in order to call doGet or doPost and tell its response to redirect for me.
Similarly, if I put everything in doGet or doPost then i need to activate or trigger it (put in the web.xml) which my intention isn't that. When session "timeout" calls sessionDestroyed() of HttpSessionLister interface (which I auto logout) then redirect to login page directly WITHOUT user clicking anything. By the way when user does click it checks for session variable through getAttribute if its null goto login page.
Therefore I want to see if URL class or other classes in java.net package will allow to implement redirect.
Not possible. You can't initiate a response without a request.
How would you even know if the user was looking at your site when the session times out?
What most people do is to place an object of some type in the session and add a filter to their web app. The filter checks for the object, and if it's not there, you know that the session had previously timed out.
Alternatively, you could place an object into the session in your listener to let the filter know there's been a timeout, but that's not as common. [ June 19, 2008: Message edited by: Bear Bibeault ]
OK maybe codes will make things clear. first some logic: user logins and idle till session timeout
In web.xml I have a listener thing <listener> <listener-class>listener.SessionListener</listener-class> </listener>
In my SessionListener I have
As you can see it doesn't need to be a servlet hence no HttpServletResponse instance. If I did suppose I extend HttpServlet at the top and have those doGet or doPost method and put the sendRedirect there... I still need an HttpServletRxxx instance to call the doGet/doPost