Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Re: automactic logout after inactivity

 
Joe Cheung
Ranch Hand
Posts: 104
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear all,

How can I implement automatic logout after user's inactivity for a certain period of time, says 5 minutes?

Thanks!
Joe
 
Roshini Sridharan
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Why not set a timestamp while loading the page and compare with the system time using clientside script and execute/redirect to the logout page, if they are in the same page say more than 5 minutes.

Hope this helps.

Regards
Roshini.S
[ June 01, 2005: Message edited by: roshini sridhar ]
 
Saulius Sinkunas
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And why don't you want to use native sessions? Set timeout to į minutes - and it will be logged out automatically.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The simplest way (as Saulius has mentioned) is to leverage the session handling capability in the servlet spec.

When a user logs in, bind an object to their session. It can be anyting but for conversation sake, we'll call it "userBean".

Have every component in your app first check for the existence of the userBean in session before processing a request. If userBean is null, then the session has expired. Redirect the user to the login screen.

If you're using a Servlet Spec 2.3 or higher container you can do this checking quite easily with a filter.
 
Jeffrey Spaulding
Ranch Hand
Posts: 149
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Groundhog day again

This questions gets asked a lot.

All mentioned techniques work good, you could also do the following.

Set you sessiontimeout to nnn minutes and add the following
Meta to your HTML




nnn is, of course the time you did set as your session timeout (maybe a second less just to be on the safe side)

J.
 
vu lee
Ranch Hand
Posts: 208
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
would the existing httpSession be invalidated and marked for garbage collection on the app server if we implement this way?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by vu lee:
would the existing httpSession be invalidated and marked for garbage collection on the app server if we implement this way?


The session object itself may or may not be recyled by the container.
Everything bound to it (unless other bindings exist) will be marked for garbage collection.

BTW: There is a thread in the JSP forum with a conversation that is almost exactly the same as this one.
http://www.coderanch.com/t/287309/JSP/java/redirect-after-timeout
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!