• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • salvin francis
  • fred rosenberger

Correct way to check Session timeout?

 
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can anyone help with this?

I want to be able to

1. detect when the session has timed out & force the users back to the home page?

2. (this is the hard one!) prevent users from bookmarking pages (i.e actions) & trying to gain access to the application using these bookmarks without going through the main page first?

many thanks for any help!

cheers

harry
 
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You will not be able to keep people from bookmarking pages. Unless you never refresh the url from the login url. You should assign a filter to the secure section and check the session to see if the user is logged in. If not, send to login page. Check session like this:

In login page, upon login:

request.getSession().setAttribute("loggedIn", new Boolean(true));

In filter

Boolean loggedIn = (Boolean)request.getSession().getAttribute("loggedIn");
if( loggedIn != null || !loggedIn.booleanValue() ) {
response.sendRedirect( "/login.do" );
return;
}

Be sure to return from filter instead of using the normal chain.doFilter method. This will make it not matter if they bookmark or not, as they will be redirected to login.
[ August 09, 2005: Message edited by: Kerry Wilson ]
 
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Part 2 can be solved by using tokens in the Actions that require entry first through the main page. When a user bookmarks a page, the token is not saved with the url.
 
A Harry
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for your answers chaps!

Marc, can you elaborate a bit on these tokens for me please? - would you happen to have any sample code you could post here?

sorry to sound a bit thick!

many thanks

harry
 
Marc Peabody
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Action javadoc

You'll primarily use saveToken() and isTokenValid().
 
Every time you till, you lose 30% of your organic matter. But this tiny ad is durable:
Devious Experiments for a Truly Passive Greenhouse!
https://www.kickstarter.com/projects/paulwheaton/greenhouse-1
    Bookmark Topic Watch Topic
  • New Topic