I have having a spot of bother managing the session timeout with a simple application based on MyFaces and Richfaces running on
Tomcat.
My requirements:
1) When the session expires, gracefully clean up
2) When someone navigates directly to a page and does not have a session, send them to the login page.
3) After a person's session has timed out, show a timeout page and then redirect to the login page.
The first two are easy. I simply defined a listener and filter in the web.xml. One listening to for session expiry (safely closing connections, cleaning up temp files etc.) and the other checking if they have a valid session; if not, redirecting to the login page.
For the third I have been trying a number of things and getting no where fast. My main issue is trying to tell the difference between a new user trying to skip past the login page and an existing user whose session has timed out.
I've tried a PhaseListener, but that didn't quite work; I've tried adding an error-page definition for javax.faces.application.ViewExpiredException to the web.xml, but that exception does not seem to get thrown after the session expires, it seems to try and re-load the backing bean and then crashes with a NPE in my code (because session information is missing).
I tried with the PhaseListener doing an ExternalContext.redirect as well as setting a navigation rule. When it tried to follow the navigation rule after the session expired, Faces said the context could not be found.
It's as if I can't separate requirements 2 and 3. I'm not looking for anyone to write code for me or anything - I just can't see a way to gracefully handle these two scenarios. I am sure there is one and I'm probably trying to over-complicate things. Does nayone know how to do this and is willing to give me a few pointers?
faces-config.xml
web.xml
Thanks