Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

help with jsp redirection after timeout

 
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all

i am looking for help into 2 things;
how to redirect users to a logout page automatically when the session expires,
(i have a lot of jsp/html pages in this web-app, can this be done through tomcat maybe aka globally)
and/or
when a user clicks on a link in a page but his session has expired how to
redirect them to the login page and back again to the original requested link

any help or pointing me in the right direction is greatly appreciated.
 
Ranch Hand
Posts: 331
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

thomas Fuchs wrote:
when a user clicks on a link in a page but his session has expired how to
redirect them to the login page



You can do it with filters-

This filter would intercept all the requests to those jsps that require that the session has not expired.

In the filter,
check with a request.getSession(false) whether the session doesn't exist.
In that case, do a respone.sendRedirect(loginPage)
If you find that the session exists, you wouldn't have to do anything.

 
Marshal
Posts: 67424
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Vishwanath Murthi wrote:check with a request.getSession(false) whether the session doesn't exist.


While using a filter is a good idea -- it's how I always do it -- checking the session itself isn't such a good idea. Rather, check for the existence of an authentication token that you place on the session when the user logs in.
 
Vishwanath Krishnamurthi
Ranch Hand
Posts: 331
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:checking the session itself isn't such a good idea. Rather, check for the existence of an authentication token that you place on the session when the user logs in.

thanks, good to know.
 
Consider Paul's rocket mass heater.
    Bookmark Topic Watch Topic
  • New Topic