But you cannot direct to anywhere when this occurs. There's no request context. In fact, how would you know whether the user is still looking at your pages, or off looking at videos on YouTube?
What you can do is to write a filter that checks, for each request, whether the session is still active, and if not, redirect to the login.
This functionality is really important for us. Client is mad at us. ;-)
And, if you're using AJAX, you'll want to reset the timer any time an AJAX request is made to the server.
Bear Bibeault wrote: Are you talking about browser tabs? Or something else?
How are you controlling how many browser tabs are opened? That's really up to the user.
Yes, I am talking about browser tabs. One Firefox instance and multiple tabs with the same application. See the screenshot.
Here I have opened JavaRanch in multiple tabs.
Bear Bibeault wrote: So your users do this? Or are you spreading your app out over many windows with window.open()?
Both are practical scenarios, so they can occur. For example, for the first one, you moderate the JSP and Servlet forums and, just for *convenience*, you open both forums in separate tabs so that you do not need to switch between forums. And for the second one, let's say some user has used a link in the post, and if you click that it opens up in a new tab.
In any case, as each tab has its own timer and is loaded correctly, what's the issue?
David explained the issue precisely.
David Newton wrote: I think the OP is asking about opening a tab (counter starts at 30 minutes). A new tab is opened 15 minutes later and is in use. The first tab will time out in 15 more minutes and throw up even though the second tab is still active and the session isn't really over.
Create a map and bind it to context scope with a context listener.
Create a session listener that binds new sessions to this map when they are created.
Make sure it also removes them when they are invalidated or destroyed or you'll have all kinds of weird issues.
Use the session's ID as the key.
You now have a way to access sessions, by ID, without using getSession (which would reset the session's timer).
Create a servlet that accesses the session for this user via the context-scoped map.
This servlet can read the getMaxInactiveInterval and the getLastAccessedTime to figure out how much time is remaining for this session.
You can now make requests to this servlet with an AJAX function to see if the session is active and how much time is remaining before it times out.
I do this in one of my apps.
On the client side, I have a JS counter that shows in a task bar like div at the bottom of the page.
It refreshes itself every second.
Every 60 seconds, it syncs up with the server via an AJAX call.
When the timer reaches 0 it makes one last call to the server to make sure that the session is actually dead and then redirects the user to the login page.
When the counter gets within 3 minutes of timing out, I open a div popup warning the user that their session is about to expire.
At this point I also have the timer start writing the time remaining to the page title every second. This ensures that, if they're working in another window, they can see the timer number in the task bar tab (for Windows and Linux users anyway).
Note, this will not work if you have a cluster of servers (unless you can find a way to synchronize the context scoped map).
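The registry and polling servlet described in the post above, as an added sketch that is not the poster's own code. It assumes the javax.servlet API (Servlet 3.0+), a positive session timeout, and a container that updates the last-accessed time only on getSession(), as the post states; the class names, the attribute name and the `/session-time-left` path are hypothetical.

```java
// Two source files shown together; each public class goes in its own .java file
// with these imports. Assumes the javax.servlet API (Servlet 3.0+).
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.annotation.*;
import javax.servlet.http.*;

@WebListener
public class SessionRegistry implements ServletContextListener, HttpSessionListener {
    static final String ATTR = "sessionRegistry"; // hypothetical attribute name

    public void contextInitialized(ServletContextEvent e) {
        e.getServletContext().setAttribute(ATTR, new ConcurrentHashMap<String, HttpSession>());
    }
    public void contextDestroyed(ServletContextEvent e) { } // map dies with the context

    public void sessionCreated(HttpSessionEvent e) {
        registry(e.getSession().getServletContext()).put(e.getSession().getId(), e.getSession());
    }
    public void sessionDestroyed(HttpSessionEvent e) { // fires on invalidation and on timeout
        registry(e.getSession().getServletContext()).remove(e.getSession().getId());
    }
    @SuppressWarnings("unchecked")
    static Map<String, HttpSession> registry(ServletContext ctx) {
        return (Map<String, HttpSession>) ctx.getAttribute(ATTR);
    }
}

@WebServlet("/session-time-left") // hypothetical path
public class SessionTimeLeftServlet extends HttpServlet {
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        long secondsLeft = 0; // 0 = no live session for this caller
        // Use the ID the container parsed for this request; never take it from a
        // query parameter and never echo it back in the response.
        String id = req.getRequestedSessionId();
        HttpSession s = (id == null) ? null : SessionRegistry.registry(getServletContext()).get(id);
        if (s != null) {
            try {
                long idleMs = System.currentTimeMillis() - s.getLastAccessedTime();
                secondsLeft = Math.max(0, s.getMaxInactiveInterval() - idleMs / 1000);
            } catch (IllegalStateException invalidated) {
                secondsLeft = 0; // invalidated between lookup and read
            }
        }
        resp.setContentType("text/plain");
        resp.setHeader("Cache-Control", "no-store"); // keep polls from being cached
        resp.getWriter().print(secondsLeft);
    }
}
```

Because every tab polls the same server-side session, a tab left idle sees the time remaining reset by activity in another tab instead of counting down on its own.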