• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Session expire problem with HttpSessionListener

 
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My objective is when session is Expire i want to display message session is expire...I am using HttpSessionListener....



Now in Servlet file......


PROBLEM IS THAT Every time its check ONLY for IF condition.....its not going in ELSE PART....
means if session is destroy and user click on html page so request redirect to servlet...and it will again Create a NEW session....
SO ANY WAY TO CHECK the session is expire or not???
 
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Please UseCodeTags when posting code or configuration. Unformatted code and configuration is unnecessarily difficult to read. You can edit your post by using the button.
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You will get the call to sessionDestroyed in a Thread that is completely independent of any request thread. You could keep a list of session ids as they are destroyed, but what would you do with it?

In the request Thread you can determine if a session is new and thats about it.


Bill
 
dashang trivedi
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
when session is destroyed ..the session destroyed method is called i simply decrement the Integer variable and when session is created i just Increment the variable.. then set the session variable with that value...and in servlet file i simply get the variable value.........

the Problem is that...I always get same value...session destroyee method is called...but when USER click on JSP file ....it will create a new Session because session is destroyed...

So please tell me any Solution...
 
Marshal
Posts: 28177
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

dashang trivedi wrote:the Problem is that... when USER click on JSP file ....it will create a new Session...

So please tell me any Solution...



This is the real problem, isn't it? There's no session at this point in time. But you want to tell the user that the previous session timed out. Therefore... you can't store that information in the session, because it won't be available. You will have to store it somewhere else.
 
dashang trivedi
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
So sir...where to store ...how i display the message your session is expire.......
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you have some database with entries for each user, you could record the last time they got a session and the time the session expired.

There are simple databases you could keep in memory if the number of users is not huge.

Do you currently track users beyond a single session/

Bill
 
Ranch Hand
Posts: 218
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What if we have a token generated and sent back to the user when the session was first created, so that with each of the subsequent requests we will be getting the token. (say all your links displayed in the page will have an additional parameter for the token, just on similar lines to encodeURL)

Have a servlet filter in in place which will read the token
1. If no token is existing then it may be the first request, forward to login page
2. If there is a token present and no session associated then forward to the error page you require, else let the request go through.


Another alternative is not to allow direct access to jsp from the front end but all links will be sending request to a controller (a Front Controller) which would do these checks before forwarding to the required jsp.
 
dashang trivedi
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My objective is when session is Expire i want to display message session is expire...

I am trying for token but its every time create a new token....

if you have code that run perfect than PLEASE out the code here....its help community a lot...
 
Amol Nayak
Ranch Hand
Posts: 218
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It is fine even if you create a new token for each request, it is also helpful for detecting duplicate submissions of form. How come you are not able to detect from the tokens that the session which has generated this token has expired?

Why don't you post your code with the token logic?

 
dashang trivedi
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Cookie Token is same as i create a Session id....
main problem is that when session is expire than its create a new session....Check the If condition....Its session default behavior..
we cant change it....So now question is how we set the logic that its go in ELSE part...which session destroy condition......
in that condition i display message SESSION is EXPIRE........think it....

 
Amol Nayak
Ranch Hand
Posts: 218
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Please read my previous post again, apart from storing a token in session you need to get it back from the client (browser) every time. The token will not be a simple number like count attribute in your case. You may have the token as say the the value returned by System.currentTimeMillis().
When sending back the response back to the client store this token value in it as a parameter for each link you display on your page and also store the token in your session.

When you are getting a request which has a token associated with it but no session associated with the request on the server, you may say that the page was served when the session was active and hence show the message "Session already invalidated"

For your purpose you may just generate the token at the beginning of the session and not for each requests.
Generating a new token for each request is useful when you need to prevent duplicate submission of the form.
 
Ranch Hand
Posts: 282
Eclipse IDE PHP Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What about this? This uses a cookie called "token" to store the session ID. If the cookie doesn't match the session ID, it means the user's previous session timed out. Of course, this only works if the client supports cookies...


Your code is just counting the number of active sessions...this doesn't help to tell whether a session has timed out.

Amol's solution is better because it doesn't require cookies, but you'd have to add an extra parameter to every single link which is tedious.
 
dashang trivedi
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank-you Michael....your Logic is great.....
yes now i understand i m just counting....the active session....i m just confuse with how previous session is store....
great solution .... i think this help a community a lot....

i am just confusing with your statement...
why you say that Amol's solution is better because it doesn't require cookies....
is it possible without cookies???

thank-you....
 
Michael Angstadt
Ranch Hand
Posts: 282
Eclipse IDE PHP Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

dashang trivedi wrote:
why you say that Amol's solution is better because it doesn't require cookies....
is it possible without cookies???



That's just one possible solution I thought up...not sure how else you'd do this. It seems like a common problem though, so there must be a solution somewhere..
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic