Forum:

Servlets

Forcing Relogin

Ranch Hand

Posts: 315

posted 13 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

How can I force a user to relogin for authentication after n {ex- 15 minutes} minutes irespective of the user session being active.

Thanks
Neeraj

Bear Bibeault

Sheriff

Posts: 67747

173

I like...

posted 13 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Why not rely upon session timeout?

[Asking smart questions] [About Bear] [Books by Bear]

HTML 5 (verified skill)
Skill verified by Jeanne Boyarsky

CSS 3 (verified skill)
Skill verified by Jeanne Boyarsky

JavaScript (verified skill)
Skill verified by Jeanne Boyarsky

Neeraj Vij

Ranch Hand

Posts: 315

posted 13 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

I want to logout the user even if the session is active.

default session-timeout in web.xml will be for inactive session timeout. Please correct me, if I have got it wrong.

Thanks
Neeraj

ramprasad madathil

Ranch Hand

Posts: 489

I like...

posted 13 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Depending on the server that you are using, you can force the session cookie to expire after a fixed interval. In Weblogic you may specify the cookie-max-age-secs in weblogic custom deployment file - weblogic.xml

It's possible to achieve the same effect through custom coding, but probably not in the request when the session is first created. In subsequent requests, you can iterate through the list of cookies in the request, pick up the one with the name 'JSESSIONID' and call setMaxAge() on it. But before going down that path, I would suggest that you read these resources - http://www.javaworld.com/community/node/3673 and http://blogs.bytecode.com.au/glen/2006/03/31/what-grandma-never-told-you-about-cookie-setmaxage-0----.html

cheers,
ram.

Devaka Cooray

Sheriff

Posts: 7136

1360

I like...

posted 13 years ago

1
Number of slices to send:

Optional 'thank-you' note:

Send

If you don't want to touch the session cookie, you can store a separate cookie at login that defines your time limit as the max age of it. Use an intercept filter that checks the availability of that cookie and invalidate the session when that cookie is not available.

Author of ExamLab - a free SCJP / OCPJP exam simulator
What would SCJP exam questions look like? -- OCPJP Online Training -- Twitter -- How to Ask a Question

Neeraj Vij

Ranch Hand

Posts: 315

posted 13 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

thanks for providing valuable inputs.. both seems very good.

I thougt of one more option using tag for redirecting it logout action and then redirecting the user to login

many thanks
neeraj.

ramprasad madathil

Ranch Hand

Posts: 489

I like...

posted 13 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

The meta tag has this syntax

<

where the timeInSeconds will be the value after which the refresh has to occur. So if you are proposing that you would give a value of 15 minutes (15*60), then it would work only if the user is inactive for that period. However if the user continues to interact with the server within this 15 minute period, the session will never expire.

Also if you do go down this path, remember to invalidate any existing sessions in the login page.

cheers,
ram.

Did you see how Paul cut 87% off of his electric heat bill with 82 watts of micro heaters?