File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to do Http Session time out by using the time given instead of duration

 
Tim Lim
Greenhorn
Posts: 22
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am new to jsf. I am doing a timeout for http session. I am wondering if there is a way to set the time limit for the session timeout other than stating the duration in the web.xml.
Like for example:
If a person will to log in, the system would tell the user that he/she is given till this time 12:00pm and after this time the session will timeout. When the session timeout, he/she will be prompted to log in. I am not sure if there is a way to do this. Please advise.
 
Carlos Jorge Tavares Ferreira
Greenhorn
Posts: 17
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use HttpSession.setMaxInactiveInterval to set the timeout duration programmatically.
 
Tim Lim
Greenhorn
Posts: 22
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Carlos Jorge Tavares Ferreira wrote:You can use HttpSession.setMaxInactiveInterval to set the timeout duration programmatically.


If I remember correctly, that method can only set the duration. What I wanted is to set the time such that it will expire at that time say 1pm.
 
Carlos Jorge Tavares Ferreira
Greenhorn
Posts: 17
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And what stops you from calculating the number of minutes from the login time until the time you want the session to expire?
 
Tim Lim
Greenhorn
Posts: 22
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am not too sure about the calculating part if you are referring to the setMaxInactiveInterval.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17639
39
Android Eclipse IDE Linux
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Timing someone out just because it's 1PM is kind of unusual. I might even say arbitrary. It's more common to do things like only permit users to access an app at certain times of day and/or days of week.

However, about the easiest way to cut them off at the clock is to add a servlet filter. Assuming you're using the J2EE standard security system, that's very simple. When a request comes in, check to see if the user is time-constrained. If so, and the time has expired, do a session.invalidate() - or for JEE, a logout(). If you've got a non-standard security system, I leave it to you to figure out the equivalent. That is, after all, one of the drawbacks of not using the standard.

One extra addition in your case, since you simply want to force a logout, and not actually block the user. You need to capture the fact that they were logged out and store it in some more durable context that their session (since logout destroys that). Then you need to add that check to the logout logic. Otherwise they won't be able to log back in!
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic