I have a web application using Spring(version 2.5),Spring Security (version 2.0.5) and DWR.I am facing some issue when the session timeout.
On session timeout the application should redirect the user to login page.But that is not happening.When the timeout had occured and then the user clicks on any of the links in the application, the user is taken to the target page for the clicked link but with no data since the data is user specific and user id is not found in the session.In Spring Security 3.0 this feature is available readily.
But I have no option of upgrading either Spring/Spring Security presently.In such a case how can I redirect the user to a desired page when timeout occurs.I tried implementing a session timeout filter but I end up finding that it was actually a wrong approach.That filter was getting called up in the chain even when invalid session was found.
Below is a portion from Spring Security logs.
Kindly guide me in achieving the desired result.
The Art Of Life Is To Know When To Be Useless And When To Be Useful - CHUANG TZU