I have this below problem. Please reply if any one has any solution:
Background: We set a cookie when a user logs in and delete it when user logs out.
Also this cookie is not deleted when session times out (Is there any way to do this?)
Suppose user logs in and comes to a page he is surfing, now he goes away, session times out and now when user refreshes the page, in our code logic it takes him to log in page which is a very bad user experience….this problem is occurring due to the cookie which is not getting deleted on session time out? ….I have tried or thought of options of deleting cookie on session time out but am not able to do it….Have tried using HTTPSessionListener, but due to no response, request objects in sessionDestroyed(), I am not able to do so.
Alternative way which I am thinking of is: When the user refreshes the page, is there any way that I show him a message that your session is expired after chking if the session has timed out or no, press ok to go to login page or cancel to surf the same page…..I should be able to delete the cookie on cancel click?
Awaiting any suggestions …