Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Auto Session logoff

 
Kaustubh Hande
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Not sure if Im posting my question into correct section.

I am using WebSpheer application server for my application,with session time out set to 15 mins. I have implementd a session listener that destroy's all invalid sessions once the session has ended upon inactivity from user for more than 15 mins.
Is there any way that I can send the user directly to login screen without having him to click any link on the application to check if the session is valid/invalid.
I am not able to find any means how can I continously check for a logged in user if his session had ended and forcefully sending him to login screen upon inactivity on the application.

Please help.

Thanks
 
Smitesh Shinde
Ranch Hand
Posts: 45
Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Kaustubh,
Set some attribute into the session when user logs in and check it on each page.If session gets ended attribute will be null.Redirect the user to login page then.
Somethink like this
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I am using WebSpheer application server for my application,with session time out set to 15 mins. I have implementd a session listener that destroy's all invalid sessions once the session has ended upon inactivity from user for more than 15 mins.

Are you talking about HTTPSessions? WebSphere should do that automatically when the session timeout value is reached. You should not have to do anything.


Is there any way that I can send the user directly to login screen without having him to click any link on the application to check if the session is valid/invalid.
I am not able to find any means how can I continously check for a logged in user if his session had ended and forcefully sending him to login screen upon inactivity on the application.

This is how container managed security should work. Can you not just use that?
 
Kaustubh Hande
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Smitesh,

But my requirement is to rediredct the user automatically to login page as his session has ended and not wait him to click any link on app.
With setting a session attribute i will have to wait till he clicks some link on the app.

Thanks
 
Kaustubh Hande
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the reply Paul,

The container does invalidate the session, but I want to keep running a process that checks if the user has been logged in fop more than the session time out value with inactivity on app and as the session ends he is redirected to login page automatically but not upon his next click in the application.

Thanks
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You'll need a periodic timer on the page that sends an Ajax request that does the check; if the user is logged out you can send them to the login page.

IMO that's a bad design; what if I'm looking at something on the page?

Perhaps something a little less destructive to the user experience would be better--or at least a noticeable warning before sending doom upon the hapless surfer.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic