Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session timeout

 
peter leigh
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, I'm trying to get my application to timeout after a specific time period of no activity from the user: I added:

<session-config>
<session-timeout>1</session-timeout>
</session-config>

to my web.xml file which I think should timeout the session after 1 minute, but nothing is happening i.e. I load a page and wait a minute and it does not get redirected after 1 minute. Could anybody please tell me what I'm missing.
Thanks.
 
peter leigh
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry, I guessed I forgot to add that I want the user to get redirected to my welcome page when the session is timed out.
Thanks
 
Marco Ehrentreich
best scout
Bartender
Posts: 1294
IntelliJ IDE Java Scala
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Peter,

the session timeout you set with web.xml just means that all data in session scope get invalidated after this timeout - nothing more.

Why do you think it should do a redirect or something like this? Perhaps it would be a good idea to do this on the client side with JavaScript (although I don't know if it's possible and how).

Marco
 
peter leigh
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From what I read about the timeout I was under the impression that it did more then just clear all the session data.
 
Marco Ehrentreich
best scout
Bartender
Posts: 1294
IntelliJ IDE Java Scala
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Unfortunately it doesn't... Perhaps you was confused from API documentation saying
The server can maintain a session in many ways such as using cookies or rewriting URLs.
But this only means the servlet container is able to maintain a session via cookies or by encoding the session ID into the URL if the client/browser doesn't allow cookies.

You can use the HttpSessionListener interface to get notified when any session is created or destroyed but this won't help you in this case. You can only send a redirect in response to a direct client request so the client side have to take action in order to do a redirect. This is the reason why I said it's probably the easiest way if you use JavaScript on the client side. Another more modern alternative could be "Direct Web Remoting" (DWR) which is like AJAX but works in the opposite direction. Perhaps somebody here has more experience with this...

Marco
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic