• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

Session timoeout on JSP  RSS feed

 
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

i need to handle session timeout on Jsp in my application. Currently when session is timeout and user clicks on submit button then a request is send for an JSP. Now on this JSP a new session object is created since existing one is expired. I did not want new session to be get created on JSP if older one is expired.

Any help is appreciated!!!
 
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
use session="false" at page directive in the particular page

Hope This Helps
 
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But it will prevent that jsp to participate in any session. As i understand what is required is to not create the session on any jsp invoked after the session has timed-out. What kind of authentication mechanism are you using ?
 
Ranch Hand
Posts: 234
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Whenever session is timedout or becomes invalidate then if the object assocaited with the session has implemented HttpSessionBindingListener interface then this object is notified.

you can use the valueUnbound method and can set some variable in this method which you can use in your JSP.

I didnt try this solution, but i think it should work.

Thnaks
 
vk jain
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i am using Basic authentication
 
Rancher
Posts: 42975
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not sure what authentication has to do with it, but you haven't stated what you actually want to achieve - that the session should not expire at all, or that -once it has expired- no new one should get created.

The former can be achieved by calling HttpSession.setMaxInactiveInterval

The latter would be very hard, if not impossible, to achieve, and doesn't make much sense to begin with (it denies the user the use of the application).

I'd also note that a new session being created once the old one has expired is standard behavior; why is it not acceptable in your case?
 
Pedro Erencia
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Maybe i'm totally wrong, but i understand the question as "when the session expires i still can access the pages ( whithout being re-authenticated )". If a resource is unprotected and it relays in some session info it can lead to problems. That's why i asked about authentication, but more precise information maybe could avoid misunderstoods.
 
Ulf Dittmer
Rancher
Posts: 42975
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I guess it could be read that way. It's a feature of basic authentication that the credentials are sent by the browser until the browser is shut down. In that sense, there is no connection between authentication and server session.
 
vk jain
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I required to show session timeout page when my session is expired on a jsp page say A.jsp.

Now suppose i am on A.jsp page and my session expired and then i click submit on A.jsp. On clicking submit a new request is sent to server for a Jsp say B.jsp. Now instead of showing B.jsp page i need to show session timeout page as my session is expired.

I apply a check on B.jsp page for seesion object, if session is null then redirect to SessionTimeout.jsp page, as my understanding was that if session is expired then obtaining session using request.getSession(false) will result into null but it returns a new session object. Due to this my checks fails and i end up with B.jsp processing.
 
Pedro Erencia
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
mmmm.. it should return null. At least that is what the specs claims. Then i'd use a filter.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!