File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes expire the session on a particular condition Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "expire the session on a particular condition" Watch "expire the session on a particular condition" New topic
Author

expire the session on a particular condition

chandr prakash
Ranch Hand

Joined: Jan 29, 2011
Posts: 32
I have written a test.jsp,web.xml and Session listener.For session timeout i am using HttpSessionListener feature.My session is getting invalidated after 1 minute,when there is no user interaction with the session. Technology used : JSP,Servlet









My requirement is : When there is no interaction of user with the session for 1 minute, i want to invalidate session depending on some database value. If database value is false then session should not be invalidated. If database value is true then session should be invalidated. But after 1 minuter(when there is no interaction of user with the session), sessionDestroyed function of SessionListener class is automatically called and i am not able to check database value. How can i do this?

I am getting crazy with this problem.It is really awful.Im pretty new to this, so Im trying to post everything you need to understand my problem:

sailaja usha
Greenhorn

Joined: Jun 23, 2012
Posts: 13

hi

In web.xml file,
<session-config>
<session-timeout>1</session-timeout>
</session-config>

try to reset the session-timeout value


regards
Sailaja
chandr prakash
Ranch Hand

Joined: Jan 29, 2011
Posts: 32
Seems like i am not able to understand you the problem
Thnankx for reply
Session should be expired (timedout-when there is no interaction of user with the session) depending on some database value,
{This database value is updating by some other module} if expiraton of session is disabled in database then should not be
expired. If it is enabled then only session should be expired. At the time of calling of 'sessionExpired' method of SessionListener class (and this method is automatically called after session-timeout period) ,session is already expired, so i am not able to check database value before session expiration
Sabarish Venkat
Ranch Hand

Joined: Jan 18, 2012
Posts: 136

The session config in XML plays a vital role for session time out. you have to set it as your wish to get the session maintained for example if you set 1000 in that instead of 1 it will make your session long.
In web.xml file,
<session-config>
<session-timeout>1</session-timeout>
</session-config>
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

(not tested though...)
1.dont set time out in web.xml
2.every 1 minutes(what ever you want to be session time-out time), send ajax request to check your DB value for a user from your header.jsp/or what ever appropriate.
if the user need not to get expire keep alive, else invalidate.

[correct me, if I am wrong]
chandr prakash
Ranch Hand

Joined: Jan 29, 2011
Posts: 32
@Sabrish : Thankx for reply,kindly please read following lines once again.
My requirement is : When there is no interaction of user with the session for 1 minute, i want to invalidate session depending on some database value. If database value is false then session should not be invalidated. If database value is true then session should be invalidated. But after 1 minute(when there is no interaction of user with the session), sessionDestroyed function of SessionListener class is automatically called and i am not able to check database value. How can i do this?

so,Sesion should be expired or not,This decision will be taken only after checking db value, so i think i have to remove 'session-timeout' parameter from web.xml files OK.


@Venkatasamy : Thankx for reply, you understood my problem correctly,but i dont know how ajax will do request after 1 minute to check my db value.Can you please give me your piece of code or you can please direct me to some link(or some simple example) explaining about this.Waiting for your reply?
Sabarish Venkat
Ranch Hand

Joined: Jan 18, 2012
Posts: 136

Understood your prob chandr my suggestion is you can use XML file itself to retrieve the value using JSTL concepts. say for ex: if you have a value of your DB in a variable then you can call the variable using the XML file itself that too inside the session config tag itself, no need to remove it.
chandr prakash
Ranch Hand

Joined: Jan 29, 2011
Posts: 32
@sabrish..thankx for reply,not able to undersand your solution ....! Can you give me your code or you can do changes in the example which i have given in my post
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

my solution will not work here... becasue even user in active after 1 minutes he get invalidate if DB says! :( I need to think some other way
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Ok, the time of ajax request you need to subtract getLastAccessedTime() from current time if it is 1 mins then do invalidate.
for ajax request details please google.
Sabarish Venkat
Ranch Hand

Joined: Jan 18, 2012
Posts: 136

@venkataswamy you are right that's the good solution for this prob..

chandr you can try what venkataswamy saying that will solve your prob
chandr prakash
Ranch Hand

Joined: Jan 29, 2011
Posts: 32
@Sabarish, @Seetharaman
I tried, code as suggested by you and followings are modified jsps.


SessionValidate.jsp


On body onload i am calling 'callFunction' java script function and this functions is calling function 'abc' in the interval of 22 seconds.This abc function is directing to 'SessionValidate.jsp' using ajax. In 'SessionValidate.jsp' i am fetching value from database(whether sessionExpiration is enabled or disabled) and checking the diference of session last accessed time and current time. On basis of above two condition(database value,difference of session.lastAccessedTime and currentTime) I am passing this responseText to 'index.jsp' and if responseText is true then i am forwarding control to 'DestroySession.jsp'.

But when i executed the code,it is not happening like as i was expecting,logs are



I didnt interact with browser session and as we can see from logs even without interactio of user with session '{sesion last accessed time}' is continuously changing.
So,I was relying on session.getLastAccessedTime, which is continuously changing.......
Am i on right direction? or i have to change the code?
Sabarish Venkat
Ranch Hand

Joined: Jan 18, 2012
Posts: 136

I don't feel your code touches the DB for validation, even you mentioned


does it touches and validates the DB how you ensure it.
chandr prakash
Ranch Hand

Joined: Jan 29, 2011
Posts: 32
@Sabarish, thankx for reply..... This is my fault, I should have to mention following lines in my above post

I will do it(Fetching value from database) later,currently i have hardcoded it, later on i will replace it with api(fetching database value.)
currently i want to test it with hardcoded value just to check whether all the things are correctly working or not.
database value is updating by some other modules.
chandr prakash
Ranch Hand

Joined: Jan 29, 2011
Posts: 32
@sabrish......Am i clear?
Stefan Evans
Bartender

Joined: Jul 06, 2005
Posts: 1018
The issue with an "ajax" solution here is that each ajax request will reset the "last accessed time" for the session.

A server side solution would be better.

You would need to
- keep track of each and every session created (via your session listener, you could keep a map of sessions)
- set up a thread which would iterate through the map of sessions, check if they are still active, and expire/remove them if necessary.

Travis Berthelot
Greenhorn

Joined: Oct 30, 2004
Posts: 24
Why tell him to use AJAX on a server problem?

Session is the server object in question and not javascript or a request from a client.
Sabarish Venkat
Ranch Hand

Joined: Jan 18, 2012
Posts: 136

@ Travis : No stefan is right only server side process can keep the session for entire state so its better than ajax.

@chandr: Session listener will be best for your problem keep a session listener and call it in all the pages, then get the DB value and compare it in a servlet iteslf. finally call it in jsp it would be better
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

you can keep latest 2 lasted accessed time and flag your ajax request.. Okay and now
can we try some other approach like below?
feeling like I am wasting more time though...
requests:
1. create session and put the timestamp

2. System.currentMillsTime() - session.getAttribute("timestamp") >= timeOutTime => flag

3. if(flag && dbFlag) then session.invalidate();

* you need to perform (2) and (3) for every request.

any leak here? :wink:
Shailesh Narkhede
Ranch Hand

Joined: Jul 10, 2008
Posts: 368
Hi All,

we can use filter for this requirement.






In above code currentTime-lastAccessTime will give us the time between current request & last request, we can have a check with 60 second as per requirement & with that we can put a check for a DB flag...
but if we do a db query over here in filter then that DB hit will occur for each and every request for that application. but if we want to check that db flag dynamically from DB for each request then we need this DB call, but if that DB flag is something like setting done on start up then we can have that flag in context & check the condition by retrieving it through context.


Thanks,
Shailesh
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: expire the session on a particular condition