• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Jeanne Boyarsky
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
Sheriffs:
  • Paul Clapham
  • Junilu Lacar
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Ganesh Patekar
  • Tim Moores
  • Pete Letkeman
  • Stephan van Hulst
Bartenders:
  • Carey Brown
  • Tim Holloway
  • Joe Ess

security related  RSS feed

 
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
suppose i want my application to be such that , if any action is not done for some stipulated time peroid on any jsp page ,and after that stipulated time if user tries to do some action on that jsp page, he should be taken back to login jsp..... what is the code for this ???
 
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I do this by putting an object into their session after a successfull login.
Then in all pages that require a valid session, I check for the existance of this object (using a filter). If this object is null, I forward them to the login page.

This would acomplish what you want. If they try to submit the form after the session expires, they would be sent to login.
[ February 10, 2005: Message edited by: Ben Souther ]
 
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by venu navat:
suppose i want my application to be such that , if any action is not done for some stipulated time peroid on any jsp page ,and after that stipulated time if user tries to do some action on that jsp page, he should be taken back to login jsp..... what is the code for this ???



You could set a session timeout, either with the <session-timeout> in the web.xml or with the setMaxInactiveInterval in the servlet/jsp, then if that time the user was inactive then the session expires and any objects in the session are deleted, then you would have to check for your session and if not valid.... goes back to the login
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!