Session Expire due to time out: Please Help

Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
Hi All,
I have some sort of same query.

I have the following code in my custom SessionListener sessionDestroyed() method.

But I am getting "NullPointerException" at the time of creating the HTTPRequest object.

Actually I want to show a message to all the users whose session has expired due to time out, something like "Your session has been expired. Please login again.". And then I want to redirect them to the logout page so that the user can login again. Now please suggest a possible way to proceed.

Thanks
Kushagra Bindal
Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
Hi All,

Actually I divided that line into many lines and now I am getting the exception at this line.
FacesContext context = FacesContext.getCurrentInstance();

After session expire this line is giving "NullPointerException".

Please help me in solving the problem.


Thanks
Kushagra Bindal
Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
Hi All,

When the session has already expired, how do I show a message on the login page that says "Your session has been expired. Please login again"?


Please help me as it is very urgent.

Thanks
Kushagra Bindal
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16058
    

Get rid of the JSF code and create a servlet filter. Make it intercept the session timeout exceptions and forward to your login URL.


Customer surveys are for companies who didn't pay proper attention to begin with.
Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
But as of now the application when expired due to session time out will not go to the filter class and it will access directly SessionListener's sessionDestroyed() method. And from there it is redirecting to login page.

I am not able to understand that how to proceed in the direction.

Also I am having one more option and this is : I can show an intermediate page before the login page and put a link over there so that user can click on the link to redirect to login page.


Please suggest me any of the possible way. By which I can proceed.


Thanks
Kushagra Bindal
Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
Hi All,
I am currently in the sessionDestroyed() method and it will redirect to the login page automatically once the session expires from here. So can anybody please suggest how I can detect here that the call to the sessionDestroyed() method is from session expiry and not from a logout call?


Please help!!!

Thanks
Kushagra
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16058
    

It sounds like you're expecting the SessionDestroy code to send an unsolicited page to the client. That's not possible for any HTTP-based service, including JSF. In HTTP, you can only respond to client requests, not provide responses unasked-for. The closest approximation available is that IF they make another page request, you can force them back to the login process.

Which relates to the filter solution. When the user DOES make another request, you can test for a session and reroute if there is no session, OR you can pass the request on, and if an "Unable to restore view" exception was thrown, catch it, and create a forward request to the login. Which is what I do.

It sounded like you think that the filter only gets called when there's a session. That's not so. The filter ALWAYS gets called.
Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
Hi Tim,

I have tried the way that you suggested. But in my case when the session expires it goes directly into my sessionDestroyed() method and not into the Filter's doFilter() method.
Then how to handle this situation.

Thanks
Kushagra Bindal
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16058
    

Well, to explicitly log someone out without waiting for them to time out, you have to supply your own code to explicitly invalidate the session or do whatever actions logout does. So you should already know when someone's attempting to log out.

However, looking back at your original example: the FacesContext isn't a permanent object. It only exists when a URL has been routed to the FacesServlet and only for the life of the Faces request/response cycle. It gets reconstructed and destroyed each time. So it's not available in general framework code - and this includes filters, but specifically includes listeners that operate before or after the facelets servlet processing.

And that's why you're getting the NullPointerException.

In fact, a quick scan of the JavaDocs doesn't give me any indication that the SessionExpiredEvent has to even have a HttpServletRequest object active at the time it's fired, so there wouldn't be anything for the listener to forward from. And that makes sense to me, since if the user walks away from a computer with an active session and that session has acquired resources that may need releasing, the session needs to be able to timeout and release those resources without being dependent on the user coming back and making another request. Users often don't - they just close the browser window or shut off their computers. Neither of which will send any sort of message to the webserver.

What that means is that you can't use the SessionExpiredEvent listener to do what you want. It doesn't have the context you need.
Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
Thanks Tim for the reply.

But one thing that I just want to ask is that, ya its right that when session timeout then it will automatically release all the resources. But at that time can we set a value so that when the user click on any link after session timeout then it will directly pick that value and then forwarded to my custom page so that where I can show some sort of message to inform user about the session timeout?

Is it possible then please suggest me the way to proceed.

Thanks
Kushagra Bindal
Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
One more thing. Throughout the day I have been using a custom filter to send the data once the session times out. But it is not going into the Filter that I developed. Here is the code that I wrote in the file.



Also I have made my entry in web.xml too.




But no progress till yet.

Please suggest if anything is possible in this case. Or whether anything is possible at all.

Thanks
Kushagra Bindal
Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
Hi All,

Is there any idea that anything is possible by this or by other way please help me to resolve the problem that I am facing.

Thanks
Kushagra Bindal
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16058
    

I'm doing something similar to what you're doing and the filter hasn't missed a request so far.

But I'm still refining the process, since the whole ViewExpired process is rather messy. JSF really needs some serious cleanup work in that area.
Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
Hi Tim,

thanks for the reply.

One more help I need from you is that, Can you please share with me the step you are processing with and also the code that you have written for checking the sessionTimeOut so that I can tally the same with me also the reading in web.xml.
I am facing this a very big problem and unable to resolve it till now.

Please help!!!

Thanks
Kushagra Bindal
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16058
    

I'm afraid there's not much to it.

I avoid "do-it-yourself" security systems - there's a very long list of reasons why - so the actual login process isn't part of my application logic. However, session timeout isn't just about security. When your session expires, you also lose application state. So I still want to know about it, even though I'm letting the application container do my primary security management.

It's important to realize that the JSF ViewExpiredException isn't the same thing as session timeout, but it, too, can lose state. JSF keeps a limited stack of view data, and once the stack exceeds its limits, the older view data is discarded.

In short, I do 2 things in my filter:

1. Do a getSession(false) to see if I have a live session

2. Trap ALL exceptions on the filter's doFilter() that passes the request on down the pipe. I tried trapping just ViewExpiredException, but it didn't always work. Looks like a classpath issue, but I haven't yet figured it out. As I said, I'm still refining this process.
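
Added example, not code from the thread or from either poster: one way to write the filter described in the two steps above, extended with a `getRequestedSessionId()` / `isRequestedSessionIdValid()` check so the login page can tell a timed-out session from a first visit. The class name, the `loginPath` init-param and the `expired` query parameter are assumptions, and the imports assume the `javax.servlet` API.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Map this filter to /* in web.xml (not only *.jsf) so every request passes through it.
public class SessionTimeoutFilter implements Filter {
    private String loginPath;       // hypothetical init-param, e.g. /login.jsf
    private ServletContext context; // kept for logging

    public void init(FilterConfig config) {
        loginPath = config.getInitParameter("loginPath");
        context = config.getServletContext();
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        // The redirect target is fixed by configuration, never taken from the request.
        String login = req.getContextPath() + loginPath;

        // Never intercept the login page itself, or the redirect would loop.
        if (req.getRequestURI().startsWith(login)) {
            chain.doFilter(rq, rs);
            return;
        }
        // Step 1: the browser sent a session id the container no longer knows,
        // which is what a timed-out session looks like on the next request.
        boolean timedOut = req.getRequestedSessionId() != null
                && !req.isRequestedSessionIdValid();
        if (timedOut || req.getSession(false) == null) {
            resp.sendRedirect(login + (timedOut ? "?expired=true" : ""));
            return;
        }
        // Step 2: pass the request on and trap failures such as a lost JSF view.
        try {
            chain.doFilter(rq, rs);
        } catch (ServletException | RuntimeException e) {
            context.log("Request failed, sending user to login", e);
            if (resp.isCommitted()) throw e; // too late to redirect
            resp.sendRedirect(login + "?expired=true");
        }
    }

    public void destroy() { }
}
```

The login page can then show the "session expired" message whenever the `expired` parameter is present; because the catch block traps every failure, the logged exception is the only record of errors that are not timeouts.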

Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
Hi All,

Can we make any entry in the web.xml, like a <context-param> sort of, where we can describe the custom logout page so that after calling the sessionDestroyed() method of the HttpSessionListener class it will directly redirect to that page? On it we can provide a link so that the user can click on that link to redirect to the login page, as is already implemented on many sites. Any suggestion??

Thanks

Kushagra Bindal
Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
Thanks Tim for the reply,

But in my case it is not going into the Filter class that I mentioned above even a single time after the session time out. Is there any specific change that is required, or do I have to check for a specific condition in some other place?

Thanks
Kushagra Bindal
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16058
    



It's possible that if you were just limiting to ".jsf" page requests it was causing you problems.
Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
Hi Tim,

Thanks for the reply. But still my request is not going in the filter and when the session expire it is directly going in the sessionDestroyed() method and on the other click on any link it will redirect it automatically to login page. Is there a way to resolve the issue.

Or I have another idea that can we make any entry in the web.xml so that it will redirect on that page after session time out.

Please Help!!!

Thanks
Kushagra Bindal
Kushagra Bindal
Ranch Hand

Joined: Oct 15, 2008
Posts: 156
Hi Tim,

tell me one more thing that how this filter entry is working in your application. Whether redirect parameter is use somewhere in your application or something else that you have done so your request is going in the SessionTimeOutFilter filter. Because as of now I have entered the same thing that you mention in the previous post. But my request is not going in the SessionTimeOutFilter.


Please Help !!!


Thanks
Kushagra Bindal
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16058
    

I'm at a dead end here. The filter I defined sees all httpservlet requests - even the non-JSF ones.

Either you've got something odd set up that I don't know about, or your assumptions about what's supposed to make an http request are incorrect, and I can't think of anything further to suggest. It's possible to do a lot of things remotely, but this is one of those situations where I'd actually have to be there to see what happens.

I think your best approach now is to find one of the gurus in your own town who can look at the system in its entirety.
Shivaji Byrapaneni
Greenhorn

Joined: Oct 20, 2008
Posts: 22
create a filter and get the request object in doFilter method

from the request get the session object and try something like this

sessionObj.getLastAccessedTime()


which gives the last access time of the session

try to get the current time then find the difference between them to get the time the session was not used.


from there if the session not being used time exceeds to your limit do this

get the response object and forward to login page or logout page as you wish like this

resp.sendRedirect(loginPage);



 