Win a copy of Machine Learning Systems: Designs that scale this week in the Scala forum
or Xamarin in Action: Creating native cross-platform mobile apps in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

How to handle session timeout when using Servlet 3.0 programmatic security  RSS feed

 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Regarding Servlet 3.0 programmatic security, when a session times out there is no way to invoke HttpServletRequest#logout().

Does the user remain logged into JAAS?

If so, what is best practice to handle logging out of JAAS after session times out?

How does the container handle the user's subsequent request to login again and create a new session after session timeout?

As an aside, what are the pros and cons of using the following three approaches to handle session timeout when using Servlet 3.0 programmatic security:

HttpSessionListener#sessionDestroyed()
Make the @ManagedBean @SessionScoped LoginManager implement HttpSessionBindingListener and do something in valueUnbound.
Annotate a method in LoginManager with @PreDestroy.

Any other suggested approaches/ best practices advice would surely be appreciated.
 
Can you really tell me that we aren't dealing with suspicious baked goods? And then there is this tiny ad:
Rocket Oven Kickstarter - from the trailboss
https://coderanch.com/t/695773/Rocket-Oven-Kickstarter-trailboss
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!