aspose file tools*
The moose likes Servlets and the fly likes Auto Session logoff Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Auto Session logoff" Watch "Auto Session logoff" New topic
Author

Auto Session logoff

Kaustubh Hande
Greenhorn

Joined: Apr 10, 2007
Posts: 18
Hi,

Not sure if Im posting my question into correct section.

I am using WebSpheer application server for my application,with session time out set to 15 mins. I have implementd a session listener that destroy's all invalid sessions once the session has ended upon inactivity from user for more than 15 mins.
Is there any way that I can send the user directly to login screen without having him to click any link on the application to check if the session is valid/invalid.
I am not able to find any means how can I continously check for a logged in user if his session had ended and forcefully sending him to login screen upon inactivity on the application.

Please help.

Thanks
Smitesh Shinde
Ranch Hand

Joined: Feb 16, 2008
Posts: 45

Kaustubh,
Set some attribute into the session when user logs in and check it on each page.If session gets ended attribute will be null.Redirect the user to login page then.
Somethink like this
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336


I am using WebSpheer application server for my application,with session time out set to 15 mins. I have implementd a session listener that destroy's all invalid sessions once the session has ended upon inactivity from user for more than 15 mins.

Are you talking about HTTPSessions? WebSphere should do that automatically when the session timeout value is reached. You should not have to do anything.


Is there any way that I can send the user directly to login screen without having him to click any link on the application to check if the session is valid/invalid.
I am not able to find any means how can I continously check for a logged in user if his session had ended and forcefully sending him to login screen upon inactivity on the application.

This is how container managed security should work. Can you not just use that?


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Kaustubh Hande
Greenhorn

Joined: Apr 10, 2007
Posts: 18
Thanks Smitesh,

But my requirement is to rediredct the user automatically to login page as his session has ended and not wait him to click any link on app.
With setting a session attribute i will have to wait till he clicks some link on the app.

Thanks
Kaustubh Hande
Greenhorn

Joined: Apr 10, 2007
Posts: 18
Thanks for the reply Paul,

The container does invalidate the session, but I want to keep running a process that checks if the user has been logged in fop more than the session time out value with inactivity on app and as the session ends he is redirected to login page automatically but not upon his next click in the application.

Thanks
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

You'll need a periodic timer on the page that sends an Ajax request that does the check; if the user is logged out you can send them to the login page.

IMO that's a bad design; what if I'm looking at something on the page?

Perhaps something a little less destructive to the user experience would be better--or at least a noticeable warning before sending doom upon the hapless surfer.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Auto Session logoff