Win a copy of Java EE 8 High Performance this week in the Java/Jakarta EE forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Auto redirect to session timeout page on session expiry without waiting for user interaction.  RSS feed

Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
During development we came across such situation where we need to redirect user to session timeout /logout page once session is expired.
Prerequisite was that system should not wait for user interaction to trigger the event, instead it should be automated .

I am unaware whether such solution is already posted in this forum or not but i am posting one which we had implemented .
There may be more optimized solutions :-)

Before we start few facts that needs to be considered .
  • This solution works on filter, where each url is intercepted by filter , but as per needs it can be configured depending on situation which url should / should not be filtered. Its finally your decision.
  • Web.xml would be affected .
  • One common jsp / common.js file that should be present on every jsp page . We used common jsp page which was included as header in page.
  • Current implementation is using Jquery,JQuery is used for AJAX polling. It can also be done using javascript
  • This is the sample code where back button / forward button code is not implemented as well as session is not invalidated.

  • Note: This solution clears session manually but not invalidates.
    Due to continuous AJAX poll session will never get invalidated by container, while clearing session we can invalidate it or logout action can be used to invalidate the session
    This solution just redirect the idle user to logout page which is not dependent on user interaction

  • Writing Filter:

  • Entry in web.xml

  • Javascript Code:This should be in common jsp / js file that is present on each jsp / html page.

    Saloon Keeper
    Posts: 19091
    Android Eclipse IDE Linux
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Because of the fundamental rules of HTTP protocol, you cannot receive an unsolicited http (page) response from any HTTP server (including Java servers). You appear to be aware of that, but I always like to mention it because often people are not.

    You can use client-side JavaScript to poll (solicit) for a "timeout page" request, however, the normal J2EE timeout mechanisms does not distinguish between such polls and an actual active session, so the timeout would repeatedly reset and you would be worse off than if you hadn't polled at all because the server would never timeout. You appear to have attempted to avoid this, although with what appears to be a more complex mechanism than is actually necessary.

    If you manually manage the server timeout, you can avoid this by using a special poll URL and making the filter skip resetting the session's manual timeout indicator when that URL comes in (the server's timeout indicator will reset regardless, but you can ignore that). The polling does add cost to the server, however. Incidentally, instead of all the header-fu, just have the filter compute the updated timeout timestamp and store it in the session for comparison against poll requests. Less complicated and less likely to be hackable from ill-behaved clients.

    A simpler way to do the date comparison is to compute the timeout time as a Date like so:

    Where TIMEOUT_INTERVAL = 1000 * 60 * minutes_to_timeout, since it's in milliseconds. Store "expired" as a Session-scope object.

    To check for expiration:

    An alternative that does not require all the server interaction would be to partition the pages into two parts (using DIVs, for example). One DIV would be normal content, the other would be the timeout display, made invisible. Run the timeout as a time-delay client event in parallel with the normal server timeout, and when the timeout expires, hide (or destroy) the normal content and make the timeout part of the page visible.
    Don't get me started about those stupid light bulbs.
    • Post Reply Bookmark Topic Watch Topic
    • New Topic
    Boost this thread!