Bear Bibeault wrote:Are you talking about before or after the session has timed out?
Bear Bibeault wrote:I always handle such situations with a filter. Why goop up multiple pages or controllers with code that needs to cross-cut across all (or most) requests?
D. Ogranos wrote:The filter can check if the incoming request is still associated with a valid session, like
naveen yadav wrote:
it means that when session has been timed out , session is no longer valid and current session object will return null. Is that it?
i am asking this because i little confused about when a session become invalid. Does session becomes invalid when session is time-out or when session is destroyed ?
Mohan Rao Sv wrote:But if we are doing that in filter until and unless the user action we can't identify whether that is valid session or not.
Rob Spoor wrote:I definitely wouldn't want a real-time session invalidation to do anything to my current browser contents. Imagine I log in, start reading a long piece of text, and after a while, while I'm still reading, all of a sudden my browser navigates to this error message page because the session is invalidated. That would be the last time I visited your site.
Saurabh Pillai wrote:But it would definitely fail if website is open across multiple tabs.
Bear Bibeault wrote: But I've never even seen a site do this.