1

I need to leave the application after some time of inactivity.

I tried using session.invalidate(); but it is not working as I am using basic authentication and I redirected to a JSP page where it asks for login again.
But it is not asking any login credentials while users directly logging in into the application. The only way to logout with basic authentication is to close the Webbrowser.
I need an API such that after inactivty, say 10 mins, it should redirect to one JSP page without closing the browser. E.g. like banking sites which display "session expired, please login again".

Shegit Brahm
  • 725
  • 2
  • 9
  • 22
Satya
  • 11
  • 2
  • 3
  • This is basically a duplicate of [How to log out user from web site using BASIC authentication?](http://stackoverflow.com/questions/233507). Use of JavaScript or meta refresh can invoke the logout behaviour, once you have it in place. – system PAUSE Apr 15 '13 at 20:45

1 Answers1

0

Make use of meta refresh header in combination with HttpSession#getMaxInactiveInterval(). It returns the remaining lifetime of the HttpSession in seconds and that's exactly what you need in a meta refresh header.

<meta http-equiv="refresh" content="${pageContext.session.maxInactiveInterval};url=expired.jsp">

Include this header in your HTML <head>. If the session timeout has been reached, then the browser will automatically redirect the page to the specified url, which is expired.jsp in above example.

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555