aspose file tools*
The moose likes Servlets and the fly likes Forcing Relogin Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Forcing Relogin" Watch "Forcing Relogin" New topic
Author

Forcing Relogin

Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
How can I force a user to relogin for authentication after n {ex- 15 minutes} minutes irespective of the user session being active.

Thanks
Neeraj
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61206
    
  66

Why not rely upon session timeout?


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
I want to logout the user even if the session is active.

default session-timeout in web.xml will be for inactive session timeout. Please correct me, if I have got it wrong.


Thanks
Neeraj
ramprasad madathil
Ranch Hand

Joined: Jan 24, 2005
Posts: 489

Depending on the server that you are using, you can force the session cookie to expire after a fixed interval. In Weblogic you may specify the cookie-max-age-secs in weblogic custom deployment file - weblogic.xml

It's possible to achieve the same effect through custom coding, but probably not in the request when the session is first created. In subsequent requests, you can iterate through the list of cookies in the request, pick up the one with the name 'JSESSIONID' and call setMaxAge() on it. But before going down that path, I would suggest that you read these resources - http://www.javaworld.com/community/node/3673 and http://blogs.bytecode.com.au/glen/2006/03/31/what-grandma-never-told-you-about-cookie-setmaxage-0----.html

cheers,
ram.
Devaka Cooray
ExamLab Creator
Saloon Keeper

Joined: Jul 29, 2008
Posts: 3098
    
  40

If you don't want to touch the session cookie, you can store a separate cookie at login that defines your time limit as the max age of it. Use an intercept filter that checks the availability of that cookie and invalidate the session when that cookie is not available.


Author of ExamLab ExamLab - a free SCJP / OCPJP exam simulator
What would SCJP exam questions look like? -- Home -- Twitter -- How to Ask a Question
Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
thanks for providing valuable inputs.. both seems very good.

I thougt of one more option using tag for redirecting it logout action and then redirecting the user to login

many thanks
neeraj.
ramprasad madathil
Ranch Hand

Joined: Jan 24, 2005
Posts: 489

The meta tag has this syntax

<

where the timeInSeconds will be the value after which the refresh has to occur. So if you are proposing that you would give a value of 15 minutes (15*60), then it would work only if the user is inactive for that period. However if the user continues to interact with the server within this 15 minute period, the session will never expire.

Also if you do go down this path, remember to invalidate any existing sessions in the login page.

cheers,
ram.

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Forcing Relogin