• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Junilu Lacar
  • Martin Vashko
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Scott Selikoff
  • salvin francis
  • Piet Souris

Correct way to check Session timeout?

 
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can anyone help with this?

I want to be able to

1. detect when the session has timed out & force the users back to the home page?

2. (this is the hard one!) prevent users from bookmarking pages (i.e actions) & trying to gain access to the application using these bookmarks without going through the main page first?

many thanks for any help!

cheers

harry
 
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You will not be able to keep people from bookmarking pages. Unless you never refresh the url from the login url. You should assign a filter to the secure section and check the session to see if the user is logged in. If not, send to login page. Check session like this:

In login page, upon login:

request.getSession().setAttribute("loggedIn", new Boolean(true));

In filter

Boolean loggedIn = (Boolean)request.getSession().getAttribute("loggedIn");
if( loggedIn != null || !loggedIn.booleanValue() ) {
response.sendRedirect( "/login.do" );
return;
}

Be sure to return from filter instead of using the normal chain.doFilter method. This will make it not matter if they bookmark or not, as they will be redirected to login.
[ August 09, 2005: Message edited by: Kerry Wilson ]
 
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Part 2 can be solved by using tokens in the Actions that require entry first through the main page. When a user bookmarks a page, the token is not saved with the url.
 
A Harry
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for your answers chaps!

Marc, can you elaborate a bit on these tokens for me please? - would you happen to have any sample code you could post here?

sorry to sound a bit thick!

many thanks

harry
 
Marc Peabody
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Action javadoc

You'll primarily use saveToken() and isTokenValid().
 
What's that smell? Hey, sniff this tiny ad:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!