• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Tim Cooke
  • Jeanne Boyarsky
  • Liutauras Vilda
Sheriffs:
  • Frank Carver
  • Henry Wong
  • Ron McLeod
Saloon Keepers:
  • Tim Moores
  • Frits Walraven
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Himai Minh

Forcing Relogin

 
Ranch Hand
Posts: 315
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
How can I force a user to relogin for authentication after n {ex- 15 minutes} minutes irespective of the user session being active.

Thanks
Neeraj
 
Sheriff
Posts: 67663
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why not rely upon session timeout?
 
Neeraj Vij
Ranch Hand
Posts: 315
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I want to logout the user even if the session is active.

default session-timeout in web.xml will be for inactive session timeout. Please correct me, if I have got it wrong.


Thanks
Neeraj
 
Ranch Hand
Posts: 489
Eclipse IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Depending on the server that you are using, you can force the session cookie to expire after a fixed interval. In Weblogic you may specify the cookie-max-age-secs in weblogic custom deployment file - weblogic.xml

It's possible to achieve the same effect through custom coding, but probably not in the request when the session is first created. In subsequent requests, you can iterate through the list of cookies in the request, pick up the one with the name 'JSESSIONID' and call setMaxAge() on it. But before going down that path, I would suggest that you read these resources - http://www.javaworld.com/community/node/3673 and http://blogs.bytecode.com.au/glen/2006/03/31/what-grandma-never-told-you-about-cookie-setmaxage-0----.html

cheers,
ram.
 
Sheriff
Posts: 6957
1317
IntelliJ IDE jQuery Eclipse IDE Postgres Database Tomcat Server Chrome Google App Engine
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you don't want to touch the session cookie, you can store a separate cookie at login that defines your time limit as the max age of it. Use an intercept filter that checks the availability of that cookie and invalidate the session when that cookie is not available.
 
Neeraj Vij
Ranch Hand
Posts: 315
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thanks for providing valuable inputs.. both seems very good.

I thougt of one more option using tag for redirecting it logout action and then redirecting the user to login

many thanks
neeraj.
 
ramprasad madathil
Ranch Hand
Posts: 489
Eclipse IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The meta tag has this syntax

<

where the timeInSeconds will be the value after which the refresh has to occur. So if you are proposing that you would give a value of 15 minutes (15*60), then it would work only if the user is inactive for that period. However if the user continues to interact with the server within this 15 minute period, the session will never expire.

Also if you do go down this path, remember to invalidate any existing sessions in the login page.

cheers,
ram.

 
Space pants. Tiny ad:
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic