User Idle Time?

Hello,

How can I get idle time of the user using Servlet API?

Let's say,

I logged on to the appliaction by providing valid username and password but I am not doing anything keeping the application idle (I need to get this idle time).

The idle time for each user is different. if user-A is idle for 5 min invalidate his session,if User-B is idle for 30 min invalidate his session.
As long as user is doing some thing I need to extend his session.

I am assuming like..but this is wrong....

long idleTime = session.getLastAccessedTime() - session.createTime();

some thing like..

long idleTime = xxxx - session.getLastAccessedTime();

xxxx should not be current time in milliseconds because of current time and LastAccessedTime always same.

Any idea?

Many thanks,
Sirish

Hi,
I'm not sure about your problem, but it seems to me that the method 'HttpSession.setMaxIntervalTime(int seconds)' should fit.

Hi,

Thanks for your reply!

HttpSession.setMaxIntervalTime()- this method will invalidate the session on the server. but How can i take my user back to login screen after HttpSession.setMaxIntervalTime(120) - 120 sconds??
No where we are telling/defining that after 120 idle seconds take the user back to login screen, right?

I am trying to caluculate idle time my self and i would like to call session.invalidate()?

Which is one is the better solution? Any idea?

Many thanks,
Sirish

After that interval the session expires, so if you check for a valid session, there won't be one. In that case, redirect the user to the login page (unless he's coming from the login page, but in that case the request should contain the username and password he just entered).

Hi,
a nice idea might be to create a filter: if getSession(false) does not give you any session, you dispatch your request to a login page, for example. This way, wherever you are, you can control any access to your web application.

Originally posted by Sirish Kumar GongalReddy:
The idle time for each user is different. if user-A is idle for 5 min invalidate his session,if User-B is idle for 30 min invalidate his session.

You cannot assign different session timeout for different users.If a property of the session itself and will be applicable for all the session objects created by that application.

Hi Rahul,

I don't agree with your post.
If you set the session timeout into web.xml, all sessions will have that timeout period. But if you programmatically set it, you change it for that session only.

From the APIs:

setMaxInactiveInterval

public void setMaxInactiveInterval(int interval)

Specifies the time, in seconds, between client requests before the servlet container will invalidate *this* session. A negative time indicates the session should never timeout.

Parameters:
interval - An integer specifying the number of seconds

I am not sure about this , as no where in the specification its specified that if the session is set using setMaxInactiveInterval() then it only for that particular session.All it says that its another way to specify session timeout other then using the web.xml.

[RB]: I am not sure about this , as no where in the specification its specified that if the session is set using setMaxInactiveInterval() then it only for that particular session.

It does says that :

Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.


[EDIT]
Ohh just saw Mirko's post.
[ May 21, 2007: Message edited by: Anupam Sinha ]

Originally posted by Anupam Sinha:

It does says that :

Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.

So its all about the word this.
Learnt an interesting thing.

Hi Ulf,

Thanks for response!
-----------------------------------------------------------------------
After that interval the session expires, so if you check for a valid session, there won't be one. In that case, redirect the user to the login page (unless he's coming from the login page, but in that case the request should contain the username and password he just entered).
------------------------------------------------------------------------

I do agree with the above solution but some how it's not fitting into my requirement. What I would like to do is,

1) As long as user is performing some action I don't want kill user session. (This is the case I need to keep on extending his session interval)

2) User just logged on to the application and not doing anything just sitting idle (Server is not receving any requests from the user) for 10 min (again idle time for each user is different, If user is Admin session never expires for him) then Kill/invalidate the user session take him back to dash board.

3) Let me give you a scenario..if I logged on to https://online.lloydstsb.co.uk/customer.ibc and you are doing some action like money trasfering, profile updating......anything your session never expires if you sit idle for 10 min your session will expires.
Yes I want to implement the same

How they are managing the session?

Many thanks,
Sirish

Sirish,
I'm not clear on where you see the problem. That's exactly what setMaxInactiveInterval does: expire the session after a set interval of inactivity, no matter how old the session is.