File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSF and the fly likes How to do Http Session time out by using the time given instead of duration Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "How to do Http Session time out by using the time given instead of duration" Watch "How to do Http Session time out by using the time given instead of duration" New topic
Author

How to do Http Session time out by using the time given instead of duration

Tim Lim
Greenhorn

Joined: Oct 14, 2010
Posts: 22
I am new to jsf. I am doing a timeout for http session. I am wondering if there is a way to set the time limit for the session timeout other than stating the duration in the web.xml.
Like for example:
If a person will to log in, the system would tell the user that he/she is given till this time 12:00pm and after this time the session will timeout. When the session timeout, he/she will be prompted to log in. I am not sure if there is a way to do this. Please advise.
Carlos Jorge Tavares Ferreira
Greenhorn

Joined: Dec 10, 2007
Posts: 17
You can use HttpSession.setMaxInactiveInterval to set the timeout duration programmatically.
Tim Lim
Greenhorn

Joined: Oct 14, 2010
Posts: 22
Carlos Jorge Tavares Ferreira wrote:You can use HttpSession.setMaxInactiveInterval to set the timeout duration programmatically.


If I remember correctly, that method can only set the duration. What I wanted is to set the time such that it will expire at that time say 1pm.
Carlos Jorge Tavares Ferreira
Greenhorn

Joined: Dec 10, 2007
Posts: 17
And what stops you from calculating the number of minutes from the login time until the time you want the session to expire?
Tim Lim
Greenhorn

Joined: Oct 14, 2010
Posts: 22
I am not too sure about the calculating part if you are referring to the setMaxInactiveInterval.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16137
    
  21

Timing someone out just because it's 1PM is kind of unusual. I might even say arbitrary. It's more common to do things like only permit users to access an app at certain times of day and/or days of week.

However, about the easiest way to cut them off at the clock is to add a servlet filter. Assuming you're using the J2EE standard security system, that's very simple. When a request comes in, check to see if the user is time-constrained. If so, and the time has expired, do a session.invalidate() - or for JEE, a logout(). If you've got a non-standard security system, I leave it to you to figure out the equivalent. That is, after all, one of the drawbacks of not using the standard.

One extra addition in your case, since you simply want to force a logout, and not actually block the user. You need to capture the fact that they were logged out and store it in some more durable context that their session (since logout destroys that). Then you need to add that check to the logout logic. Otherwise they won't be able to log back in!


Customer surveys are for companies who didn't pay proper attention to begin with.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to do Http Session time out by using the time given instead of duration