Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes Servlets and the fly likes Session time-out notification Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session time-out notification " Watch "Session time-out notification " New topic
Author

Session time-out notification

naveen yadav
Ranch Hand

Joined: Oct 23, 2011
Posts: 384

hi ranchers,

when a session is time-out how can a user be notified by displaying a jsp file.?
Lucas Smith
Ranch Hand

Joined: Apr 20, 2009
Posts: 804
    
    1

You can use this snippet:



But I do not think it is pretty solution - scriplets are ugly. Unless you refresh the page user does not know about session invalidation.

Maybe Bear can give some clues?


SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60774
    
  65

Are you talking about before or after the session has timed out?

If after, usually, as this causes any logged-in user to no longer be considered logged in, the user is directed to a login.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60774
    
  65

And yes, avoid scriptlets. They're not only ugly, they've been discredited for 10 years now. Time to move on.
Lucas Smith
Ranch Hand

Joined: Apr 20, 2009
Posts: 804
    
    1

Bear, can you serve some code snippet?
Do you suggest to use some kind of a filter or interceptor to check the session's state?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60774
    
  65

I always handle such situations with a filter. Why goop up multiple pages or controllers with code that needs to cross-cut across all (or most) requests?
Lucas Smith
Ranch Hand

Joined: Apr 20, 2009
Posts: 804
    
    1

OK so my thoughts were good. Filter is the answer for cross-cutting concerns.
naveen yadav
Ranch Hand

Joined: Oct 23, 2011
Posts: 384

Bear Bibeault wrote:Are you talking about before or after the session has timed out?

.


it is after session has time-out.

ok i get your point for using the filter. but how a filter get notified that session is timed out ?
should i keep track of time when was session created and after counting 2 minutes(if session time-out period is 2 min) , a user is notified.
counting of 2 min would be done by Date object.

one more thing that
when a session is time out , the session is still a valid session until session is destroyed. Isn't that it?

D. Ogranos
Ranch Hand

Joined: Feb 02, 2009
Posts: 214
The filter can check if the incoming request is still associated with a valid session, like


Mohana Rao Sv
Ranch Hand

Joined: Aug 01, 2007
Posts: 485

Bear Bibeault wrote:I always handle such situations with a filter. Why goop up multiple pages or controllers with code that needs to cross-cut across all (or most) requests?


Let us suppose user is successfully logged in and idle for session timeout let us suppose(20mins). So after 20 mins we should display the alert message and explicitly we should call the logout action. To identify session time out we can take the help of java script whenever the page is loaded it start's counting till 20mins and logic follows. But if we are doing that in filter until and unless the user action we can't identify whether that is valid session or not. Please correct me if i'm wrong.


ocjp 6 — Feeding a person with food is a great thing in this world. Feeding the same person by transferring the knowledge is far more better thing. The reason is the amount of satisfaction which we get through food is of only one minute or two. But the satisfaction which we can get through the knowledge is of life long.
J. Kevin Robbins
Bartender

Joined: Dec 16, 2010
Posts: 828
    
  13

It sounds like what you are looking for is a HttpSessionListener.


"The good news about computers is that they do what you tell them to do. The bad news is that they do what you tell them to do." -- Ted Nelson
naveen yadav
Ranch Hand

Joined: Oct 23, 2011
Posts: 384

D. Ogranos wrote:The filter can check if the incoming request is still associated with a valid session, like




it means that when session has been timed out , session is no longer valid and current session object will return null. Is that it?

i am asking this because i little confused about when a session become invalid. Does session becomes invalid when session is time-out or when session is destroyed ?



J. Kevin Robbins
Bartender

Joined: Dec 16, 2010
Posts: 828
    
  13

naveen yadav wrote:
it means that when session has been timed out , session is no longer valid and current session object will return null. Is that it?

i am asking this because i little confused about when a session become invalid. Does session becomes invalid when session is time-out or when session is destroyed ?



The session is destroyed either upon timeout or when session.invalidate() is called by your code. Again, look at the HttpSessionListener.sessionDestroyed() method. It will notify you when the session is about to be invalidated.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60774
    
  65

Mohan Rao Sv wrote:But if we are doing that in filter until and unless the user action we can't identify whether that is valid session or not.

To monitor logged in status, you shouldn't be checking for session validity at all. You should be placing a scoped variable into the session upon login, and removing it upon logout. If the session times out, the variable automatically disappears. Checking for the existence of the variable in the filter, lets you know if the user needs to log in or not.

It's very easy actually. People seem to make it overcomplicated by thinking that they have to check the state of the session itself and get notified when it times out.
naveen yadav
Ranch Hand

Joined: Oct 23, 2011
Posts: 384

once a session is created , from here on , each request must be checked if session is still valid or not using the Filter.

But originally i was thinking to use the HttpSessionListener interface method sessionDestroyed(). because when session time out this method gets notification
But since HttpRequest object is not available , i cant redirect the user to some a page which displays session time -out message.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19651
    
  18

Correct. That's because the session invalidation usually doesn't happen during an HTTP request but in the background by the servlet container. Just do what Bear suggested, use some session attribute. If the session is invalidated this attribute is dropped, and during the next action the user initiates your application will notice this attribute is no longer present and do whatever is needed.

I definitely wouldn't want a real-time session invalidation to do anything to my current browser contents. Imagine I log in, start reading a long piece of text, and after a while, while I'm still reading, all of a sudden my browser navigates to this error message page because the session is invalidated. That would be the last time I visited your site.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
How To Ask Questions How To Answer Questions
naveen yadav
Ranch Hand

Joined: Oct 23, 2011
Posts: 384


one more thing. should the session attributes be removed explicity?

when a application decides to kill the session for whatever reason (log-out or time-out), and session object no longer exits which makes that all session attributes also does not exists.
Should we care to remove them explicitly ?
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19651
    
  18

If the session itself is dropped, then so are its attributes. You only need to drop them manually if you still need the session itself afterwards.
naveen yadav
Ranch Hand

Joined: Oct 23, 2011
Posts: 384



thanks guys for clearing things up.
Saurabh Pillai
Ranch Hand

Joined: Sep 12, 2008
Posts: 506
Rob Spoor wrote:I definitely wouldn't want a real-time session invalidation to do anything to my current browser contents. Imagine I log in, start reading a long piece of text, and after a while, while I'm still reading, all of a sudden my browser navigates to this error message page because the session is invalidated. That would be the last time I visited your site.


Javascript implementation becomes more complicated if that website is open across multiple tabs, as each tab would have individual javascript timer. But still there are many big companies (AT&T, Bank of America to name few) that implement it this way to notify that session is about to expire and click OK to extend your session. But it would definitely fail if website is open across multiple tabs.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60774
    
  65

Saurabh Pillai wrote:But it would definitely fail if website is open across multiple tabs.

That depends upon what is meant by "tabs". If a web app spreads itself across many actual browser tabs or pages, then yes., But I've never even seen a site do this. For tabs, usually its a single page with "tabs" simulated via JavaScript and CSS. In this case, there is not any problem with multiple timers.
Saurabh Pillai
Ranch Hand

Joined: Sep 12, 2008
Posts: 506
Bear Bibeault wrote: But I've never even seen a site do this.


What if a user does it. When I go to my banking site, I like to open my checking and credit card account in separate browser tabs so that I don't need to go back and forth to find some information. This is not impractical. You may not remember but I asked the same question few months ago. The example that I mentioned was, you manage Servlet, JSP and HTML forums. You may want to open it in separate tabs and just refresh it whenever necessary to see if there are any new posts posted. Ofcourse, this is about personal preferences.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session time-out notification
 
Similar Threads
increase servlet timeout period
Kill the Session
Firefox window open on unload
Session Problem
How to introduce Time Out feature in web application