File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Forcing Relogin

 
Neeraj Vij
Ranch Hand
Posts: 315
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How can I force a user to relogin for authentication after n {ex- 15 minutes} minutes irespective of the user session being active.

Thanks
Neeraj
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64185
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why not rely upon session timeout?
 
Neeraj Vij
Ranch Hand
Posts: 315
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to logout the user even if the session is active.

default session-timeout in web.xml will be for inactive session timeout. Please correct me, if I have got it wrong.


Thanks
Neeraj
 
ramprasad madathil
Ranch Hand
Posts: 489
Eclipse IDE Java Tomcat Server
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Depending on the server that you are using, you can force the session cookie to expire after a fixed interval. In Weblogic you may specify the cookie-max-age-secs in weblogic custom deployment file - weblogic.xml

It's possible to achieve the same effect through custom coding, but probably not in the request when the session is first created. In subsequent requests, you can iterate through the list of cookies in the request, pick up the one with the name 'JSESSIONID' and call setMaxAge() on it. But before going down that path, I would suggest that you read these resources - http://www.javaworld.com/community/node/3673 and http://blogs.bytecode.com.au/glen/2006/03/31/what-grandma-never-told-you-about-cookie-setmaxage-0----.html

cheers,
ram.
 
Devaka Cooray
ExamLab Creator
Marshal
Pie
Posts: 4117
195
Chrome Eclipse IDE Google App Engine IntelliJ IDE jQuery Postgres Database Tomcat Server
  • 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you don't want to touch the session cookie, you can store a separate cookie at login that defines your time limit as the max age of it. Use an intercept filter that checks the availability of that cookie and invalidate the session when that cookie is not available.
 
Neeraj Vij
Ranch Hand
Posts: 315
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for providing valuable inputs.. both seems very good.

I thougt of one more option using tag for redirecting it logout action and then redirecting the user to login

many thanks
neeraj.
 
ramprasad madathil
Ranch Hand
Posts: 489
Eclipse IDE Java Tomcat Server
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The meta tag has this syntax

<

where the timeInSeconds will be the value after which the refresh has to occur. So if you are proposing that you would give a value of 15 minutes (15*60), then it would work only if the user is inactive for that period. However if the user continues to interact with the server within this 15 minute period, the session will never expire.

Also if you do go down this path, remember to invalidate any existing sessions in the login page.

cheers,
ram.

 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic