I am new to jsf. I am doing a timeout for http session. I am wondering if there is a way to set the time limit for the session timeout other than stating the duration in the web.xml.
Like for example:
If a person will to log in, the system would tell the user that he/she is given till this time 12:00pm and after this time the session will timeout. When the session timeout, he/she will be prompted to log in. I am not sure if there is a way to do this. Please advise.
Timing someone out just because it's 1PM is kind of unusual. I might even say arbitrary. It's more common to do things like only permit users to access an app at certain times of day and/or days of week.
However, about the easiest way to cut them off at the clock is to add a servlet filter. Assuming you're using the J2EE standard security system, that's very simple. When a request comes in, check to see if the user is time-constrained. If so, and the time has expired, do a session.invalidate() - or for JEE, a logout(). If you've got a non-standard security system, I leave it to you to figure out the equivalent. That is, after all, one of the drawbacks of not using the standard.
One extra addition in your case, since you simply want to force a logout, and not actually block the user. You need to capture the fact that they were logged out and store it in some more durable context that their session (since logout destroys that). Then you need to add that check to the logout logic. Otherwise they won't be able to log back in!
An IDE is no substitute for an Intelligent Developer.