Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

When a session ends?

 
Siva Jagadeesan
Ranch Hand
Posts: 160
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi everybody :
ia m not quite sure abt the session concept . can anyone tell me when it ends or should end it explicitly?
thank you
siva
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13074
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HttpSession objects are managed by the servlet container (engine) - there is a default expiration time of 30 minutes in the Tomcat and JRun servlet engines. You should be able to configure the default timeout. You can also set the expiration time for a session object with setMaxInactiveInterval( int seconds )
You can force the servlet container to destroy a session with the invalidate() call.
Bill
 
Siva Jagadeesan
Ranch Hand
Posts: 160
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear Mr.Bill:
Okay let me tell u my problem . I have login screen . whne the user enters the username nad the password the Loginservlets chceks the validity . If the user is porfessor it send s ProfessorMain.jsp or if the user is TSudent it sends to studentMain.jsp . My problem is when i press the "back" button in the browser it goin to the lOgin.html again. That's not a problem , but when i press the "forward" button it goes to the ProfessorMain.jsp . How can i avoid it ?
Thank you
siva
 
Mirko Froehlich
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It only goes to "ProfessorMain.jsp" if this is where the user was redirected before, after logging in, right? In this case, there's nothing you can do about it, because it is the browser that handles this and not the server. Why is this causing a problem anyway?
-Mirko
 
Siva Jagadeesan
Ranch Hand
Posts: 160
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear Mirko:
What if the user is usin a public computer .and someones enters the system with teh forward button . it will be a distresses. IS there anyway i can avoid it . Like checkin the validation etc in the LoginServlet.
Let me know
Siva

Originally posted by Mirko Froehlich:
It only goes to "ProfessorMain.jsp" if this is where the user was redirected before, after logging in, right? In this case, there's nothing you can do about it, because it is the browser that handles this and not the server. Why is this causing a problem anyway?
-Mirko

 
Anonymous
Ranch Hand
Posts: 18944
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can explicitly end the session using sessionname.invalidate()
where sessionname is the name of the Session object.
I hope this helps
Originally posted by Sivakumar Jagadeesan:
Dear Mirko:
What if the user is usin a public computer .and someones enters the system with teh forward button . it will be a distresses. IS there anyway i can avoid it . Like checkin the validation etc in the LoginServlet.
Let me know
Siva


 
MATT JACKSON
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Perhaps the login could also be a JSP. just check to see if there is a session active and if so, invalidate it.
Sorta like this: <% if (! session.isNew()){
session.invalidate();
}
%>
 
milan doshi
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello everyone,
What MATT says makes a lot of sense.
It is seen on many Websites that if we do not enter through the homepage ( or the desired page ) we are unable to access it.
Hence similar logic needs to be applied here, i.e to the LOGIN page. The LOGIN page has to be generated throygh a SERVLET(or a JSP)
and NOT through static HTML. The advantage here is that
* during the login page we can create a Session
* Check in the student.jsp\professor.jsp pages( i.e in subsequent pages) if the session already exists, if not either redirect to the LOGIN page or give an REGRET Message.

Hope this will be of some help,
Milan
[This message has been edited by milan doshi (edited November 30, 2000).]
 
Siva Jagadeesan
Ranch Hand
Posts: 160
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Everybody:
Thank you all
I changed my Login.html as Login.jsp
and added this line
<% HttpSession ses = request.getSession(true);
if(!(ses.isNew())){
out.println("<p align=\"center\"><font color=\"#000000\" size=\"3\" face=\"Georgia\">Invalid Account Info! Please enter again ... <br> Contact the Admin if you forgot ur account information</font></p>");
}

ses.invalidate();
%>

I have a major and stupid doubt
can i use HTML inside a scriplet instead of using out.println.
Is there any other better way to do this?
siva
 
Frank Carver
Sheriff
Posts: 6920
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sivakumar Jagadeesan wrote can i use HTML inside a scriplet instead of using out.println.
Sure, just stop the scriptlet, put your html in the JSP, and start the scriptlet again. For example:
 
Siva Jagadeesan
Ranch Hand
Posts: 160
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear Frank :
Thank you.
I think that was so dumb
lov
siva
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic