Remko (My website)
SCJP 1.5, SCWCD 1.4, SCDJWS 1.4, SCBCD 1.5, ITIL(Manager), Prince2(Practitioner), Reading/ gaining experience for SCEA,
Originally posted by I Wayan Saryada:
Hello,
You can check whether a session has been timed out by checking if an attribute is exists in the session object. This attribute was placed there upon a successful login attempt. When you found no attribute in the session you can redirect the user to a login page.
Originally posted by Radhakrishna Bhat:
isnt httpsessionlistener best way?
Originally posted by Ben Souther:
This, in my opinion, is, by far, the easiest, and more reliable way to do this.
[ January 02, 2008: Message edited by: Ben Souther ]
Originally posted by Satish Kumar:
but now how will i redirect to a custom page showing a session expiry message and at the same time redirecting to a login page if accessing a page(which should accesible after login) without logging in.
Originally posted by Bear Bibeault:
Why would you want to show the user a session expiry message page? Most apps will simply forward to the login page so that the user can login. If need be, a message can be placed on the login page telling the user that his or her session has expired, but why make them go through an entire page just for a message?
Originally posted by Satish Kumar:
(another interesting thing is that even request.getSession(false) returns true in struts framework)
Originally posted by Ben Souther:
Checking for a particular object in session, is very simple and very reliable.
Remko (My website)
SCJP 1.5, SCWCD 1.4, SCDJWS 1.4, SCBCD 1.5, ITIL(Manager), Prince2(Practitioner), Reading/ gaining experience for SCEA,
Originally posted by Satish Kumar:
there is now way to know whether to differentiate whether the request has come for first time or whether the request has an session id of a timed out session
Originally posted by Satish Kumar:
...
In simple words just by setting an attribute in session you cannot trigger two sets of actions.
Satish Kumar wrote:how can we determine whether a session has been timed out. (to redirect to a custom page if session has been timed out.)
using session.isnew() and isRequestedSessionIdValid() methods from HttpServletRequest returns true even before the login.
what is the way to differentiate the two events 1) before login 2) login and session time out.
please suggest appropriate way to do this.
Consider Paul's rocket mass heater. |