• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • paul wheaton
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Tim Holloway
  • Carey Brown
  • salvin francis

session is not invalidating

 
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I have made the following configuration in web.xml file but it is not invalidating the session. Or session is not timed out as after 5 minutes if I refresh the page.

<session-config>
<session-timeout>5</session-timeout>
</session-config>

please help.

Also what I want that after session is timed out I want to redirect to login page if possible. Is there any way to do this .........

But How to do this ?


Thanks

Amitindia
 
Ranch Hand
Posts: 1026
 
harish pathak
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for your reply.

But after restarting the tomcat it is not redirecting to any page.

Thanks
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How do you know the session is not invalidating?
 
Ranch Hand
Posts: 73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
write session.jsp

<% session.getsession(false);
if(session==null)
response.sendRedirect("\login.jsp");
%>

Add this JSP in all your jsp pages by writing following
<%@include page="session.jsp"%>

So next time if u refresh your jsp after 5 minutes and if your session has expired it will automatically redirect you to login.jsp
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by Kartik Patel:

<% session.getsession(false);


Kartik,
Did you mean request.getSession(false)?

I'm still waiting for the original poster to let me know how he knows that the session isn't invalidating.
 
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thought I will add one more way to invalidate session.

We can set MaxInactiveInterval in HttpSession object using the method setMaxInactiveInterval.

Having said that, I am wondering what is the best way to do this?

Please share if anyone knows what's the difference?
Following are some assumptions I made. Correct me if I am wrong.
1. HttpSession.setMaxInactiveInterval overrides the entry in web.xml
2. web.xml is configurable???
 
Vishnu Prakash
Ranch Hand
Posts: 1026
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


Following are some assumptions I made. Correct me if I am wrong.
1. HttpSession.setMaxInactiveInterval overrides the entry in web.xml



Yes you are correct.


2. web.xml is configurable???



You can configure session time in web.xml with



The difference is you specify session duration in minutes in web.xml whereas in setMaxInactiveInterval() you specify session duration in seconds
 
Nothing? Or something? Like this tiny ad:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!