• Post Reply Bookmark Topic Watch Topic
  • New Topic

How to handle session variable when session times out  RSS feed

 
N Carlo
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all,

I am developing a web application where if the user's session times out, the next time he clicks on a link, he is redirected to the login page. After he logs in again, he is then taken to the page he was trying to access. The trouble is, I am storing some information in the session scope. For example, the user can view all the items he has created in the application. I store this list in the session. Now, suppose the user tries to view one of those items, but his session has timed out. So, he logs in again, but now his old session variables are gone, so when the login page forwards him to the page that should display the item details, the list is null, and I end up with a stack trace on the screen. What is the best way to handle this situation? Thank you for your help.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For more durable storage people commonly use a database - personally I like to have a custom object representing the user's current state and serialize that to a disk file.

Bill
 
N Carlo
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Bill,

Thanks for your reply. If you store session data in the database, don't you need a way to clear it out when the user's session ends? Would you run a job daily to clear out everything older than 24 hours, or something like that?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66207
151
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Treat the session like a cache. If the data is there, use it. If it isn't there, go and re-fetch it.
 
N Carlo
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Bear!
 
homes Ting
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think stored this session in Cookies if the data no sensitive
 
Anurag Verma
Ranch Hand
Posts: 170
Hibernate Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can also have some hidden field or cookie in your page which will contain the serialized & encrypted list or Object.
Otherwise if you are forced to keep that content on server, have a file (or database record) associated with the session, remove the file (or database record) when session is removed from server, have a mechanism to handle that file/record when you see an expired session, but this mechanism is having an issue... if the user wakes up too late when the session is removed, he wont be able to see that list.

One more suggestion is that you can keep last few records (or may be all the records as per your need) in database always associated with the user directly.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!