• Post Reply Bookmark Topic Watch Topic
  • New Topic

How to know a client is trying to use an expired session?  RSS feed

 
Yuriy Zilbergleyt
Ranch Hand
Posts: 429
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello everyone,
I have yet another session question.

If a client with an expired session accesses a servlet, is it possible to know that this is an expired session as opposed to the client trying to access the servlet without having had a session in the first place? Hidden fields would work for servlets loaded as a result of a POST submission, but I would rather not have session information showing up as GET queries.

Thank you in advance,
Yuriy
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I do this by putting an object in the user's session after a successful login.

Then in every component (which is easy to do with a filter) I check to see if that object is there. If it's null, then I know that they have either tried going straight to a component without logging in or that their session has expired. In either case, I redirect them to the login screen.
[ March 25, 2005: Message edited by: Ben Souther ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry, jumped the gun.

You could do this by setting your own cookie.
 
Yuriy Zilbergleyt
Ranch Hand
Posts: 429
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the reply Ben!

Could you be a bit more specific about what information I would place in the Cookie?

Googling, I also found the following piece of code:



This differentiates between "no session" and an "invalid session". An invalid session however could be a session that timed out, was explicitly invalidated, or never existed. Assuming we can ignore the last possibility, keeping track in the ServletContext of sessions that were invalidated through a user logout will enable us to identify a session that timed out, right?

Thank you,
Yuriy
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Social Security Number, Password, Credit Card Numbers.....
Sorry, Friday thing...

I imagine their username and the time that they last logged in would be enough for you to figure out if they've already logged in today.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you wanted to be really slick, you could update it with every page hit so you also know what page they were on last.

Then when they log back in, you can bring them right back to it.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!