aspose file tools*
The moose likes Servlets and the fly likes Auto redirect to session timeout page on session expiry without waiting for user interaction. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Auto redirect to session timeout page on session expiry without waiting for user interaction." Watch "Auto redirect to session timeout page on session expiry without waiting for user interaction." New topic
Author

Auto redirect to session timeout page on session expiry without waiting for user interaction.

Devesh Gote
Greenhorn

Joined: Jul 21, 2009
Posts: 2
During development we came across such situation where we need to redirect user to session timeout /logout page once session is expired.
Prerequisite was that system should not wait for user interaction to trigger the event, instead it should be automated .

I am unaware whether such solution is already posted in this forum or not but i am posting one which we had implemented .
There may be more optimized solutions :-)

Before we start few facts that needs to be considered .
  • This solution works on filter, where each url is intercepted by filter , but as per needs it can be configured depending on situation which url should / should not be filtered. Its finally your decision.
  • Web.xml would be affected .
  • One common jsp / common.js file that should be present on every jsp page . We used common jsp page which was included as header in page.
  • Current implementation is using Jquery,JQuery is used for AJAX polling. It can also be done using javascript
  • This is the sample code where back button / forward button code is not implemented as well as session is not invalidated.


  • Note: This solution clears session manually but not invalidates.
    Due to continuous AJAX poll session will never get invalidated by container, while clearing session we can invalidate it or logout action can be used to invalidate the session
    This solution just redirect the idle user to logout page which is not dependent on user interaction
    .

  • Writing Filter:



  • Entry in web.xml



  • Javascript Code:This should be in common jsp / js file that is present on each jsp / html page.

  • Tim Holloway
    Saloon Keeper

    Joined: Jun 25, 2001
    Posts: 16145
        
      21

    Because of the fundamental rules of HTTP protocol, you cannot receive an unsolicited http (page) response from any HTTP server (including Java servers). You appear to be aware of that, but I always like to mention it because often people are not.

    You can use client-side JavaScript to poll (solicit) for a "timeout page" request, however, the normal J2EE timeout mechanisms does not distinguish between such polls and an actual active session, so the timeout would repeatedly reset and you would be worse off than if you hadn't polled at all because the server would never timeout. You appear to have attempted to avoid this, although with what appears to be a more complex mechanism than is actually necessary.

    If you manually manage the server timeout, you can avoid this by using a special poll URL and making the filter skip resetting the session's manual timeout indicator when that URL comes in (the server's timeout indicator will reset regardless, but you can ignore that). The polling does add cost to the server, however. Incidentally, instead of all the header-fu, just have the filter compute the updated timeout timestamp and store it in the session for comparison against poll requests. Less complicated and less likely to be hackable from ill-behaved clients.

    A simpler way to do the date comparison is to compute the timeout time as a Date like so:



    Where TIMEOUT_INTERVAL = 1000 * 60 * minutes_to_timeout, since it's in milliseconds. Store "expired" as a Session-scope object.

    To check for expiration:


    An alternative that does not require all the server interaction would be to partition the pages into two parts (using DIVs, for example). One DIV would be normal content, the other would be the timeout display, made invisible. Run the timeout as a time-delay client event in parallel with the normal server timeout, and when the timeout expires, hide (or destroy) the normal content and make the timeout part of the page visible.


    Customer surveys are for companies who didn't pay proper attention to begin with.
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: Auto redirect to session timeout page on session expiry without waiting for user interaction.