GeeCON Prague 2014*
The moose likes Struts and the fly likes Correct way to check Session timeout? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Correct way to check Session timeout?" Watch "Correct way to check Session timeout?" New topic
Author

Correct way to check Session timeout?

A Harry
Ranch Hand

Joined: Jan 23, 2002
Posts: 124
Can anyone help with this?

I want to be able to

1. detect when the session has timed out & force the users back to the home page?

2. (this is the hard one!) prevent users from bookmarking pages (i.e actions) & trying to gain access to the application using these bookmarks without going through the main page first?

many thanks for any help!

cheers

harry
Kerry Wilson
Ranch Hand

Joined: Oct 29, 2003
Posts: 254
You will not be able to keep people from bookmarking pages. Unless you never refresh the url from the login url. You should assign a filter to the secure section and check the session to see if the user is logged in. If not, send to login page. Check session like this:

In login page, upon login:

request.getSession().setAttribute("loggedIn", new Boolean(true));

In filter

Boolean loggedIn = (Boolean)request.getSession().getAttribute("loggedIn");
if( loggedIn != null || !loggedIn.booleanValue() ) {
response.sendRedirect( "/login.do" );
return;
}

Be sure to return from filter instead of using the normal chain.doFilter method. This will make it not matter if they bookmark or not, as they will be redirected to login.
[ August 09, 2005: Message edited by: Kerry Wilson ]

http://www.goodercode.com
SCJP 1.4
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

Part 2 can be solved by using tokens in the Actions that require entry first through the main page. When a user bookmarks a page, the token is not saved with the url.


A good workman is known by his tools.
A Harry
Ranch Hand

Joined: Jan 23, 2002
Posts: 124
thanks for your answers chaps!

Marc, can you elaborate a bit on these tokens for me please? - would you happen to have any sample code you could post here?

sorry to sound a bit thick!

many thanks

harry
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

Action javadoc

You'll primarily use saveToken() and isTokenValid().
 
GeeCON Prague 2014
 
subject: Correct way to check Session timeout?