0

What are the steps to identify the session has timed out and to redirect it,i hav tried by giving session-timeout as 1 min in web.xml,whether that makes session to timout?

for redirecting in filter:

if (request.getRequestedSessionId() != null   && !request.isRequestedSessionIdValid()) 
        response.sendRedirect(request.getContextPath() + "/login.html");
                    return;
    }
    else {
        response.setHeader("Cache-Control", "no-cache, no-store, must-       revalidate"); // HTTP 1.1.
        response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        response.setDateHeader("Expires", 0);
        filterChain.doFilter(servletRequest, servletResponse);
    }

but it not redirecting to login page,what am i missing here?

one more clarification needed is : does url-pattern tag in web.xml should hav the redirection page address?

<filter-mapping>
    <filter-name>SessionTimeoutCookieFilter</filter-name>
    <url-pattern>login.html</url-pattern>
</filter-mapping>

any suggestion on this please....

maxx777
  • 1,320
  • 1
  • 20
  • 37
user3485046
  • 1
  • 2
  • It depend by your application server. If you are using jboss [this should help you][1]. [1]: http://stackoverflow.com/questions/3197438/jboss-session-timeout – Manuel Spigolon Apr 18 '14 at 07:13

3 Answers3

1

Try this in your web.xml if you are using Apache Tomcat 

         <session-config>
            <session-timeout>30</session-timeout>
        </session-config>
Rookie007
  • 1,229
  • 2
  • 18
  • 50
1

It is very Simple.
Add Following code into your SessionTimeoutCookieFilter 

    HttpSession session = request.getSession(false);
        if (null == session) {
            response.sendRedirect("index.jsp");
        }

And also change your url patern , something like i have used :-

<filter>
<filter-name>SessionFilter</filter-name>
 <filter-class>
    net.SessionFilter
</filter-class>
<init-param>
    <param-name>avoid-urls</param-name>
    <param-value>index.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
 <filter-name>SessionFilter</filter-name>
 <url-pattern>/*</url-pattern>
 </filter-mapping>
Mitul Maheshwari
  • 2,647
  • 4
  • 24
  • 38
0
<session-config>
    <session-timeout>15</session-timeout>
</session-config>

or you can do using Java Code :

session.setMaxInactiveInterval(15 * 60); //15 minutes

The HttpSession#setMaxInactiveInterval() doesn't change much here by the way. It does exactly the same as <session-timeout> in web.xml, with the only difference that you can change/set it programmatically during runtime. The change by the way only affects the current session instance, not globally (else it would have been a static method).

<session-config>
    <session-timeout>-1</session-timeout>
</session-config>

You can use -1 where the session never expires. Since you do not know how much time it will take for the thread to complete.

user3145373 ツ
  • 7,858
  • 6
  • 43
  • 62
  • Thanks for the input,have set the timeout in session-config.But redirecting is not happening after the session timeout, here is where i'm.. Any idea ? – user3485046 Apr 18 '14 at 08:17
  • @user3485046 : look http://stackoverflow.com/questions/15573221/redirecting-after-httpsession-time-out – user3145373 ツ Apr 18 '14 at 08:21
  • @user3485046 : use filter, I haven't use this but look code http://www.jguru.com/forums/view.jsp?EID=1248692 – user3145373 ツ Apr 18 '14 at 08:23
  • I tried those ways too...but in vain I want to know,when the session timeout happens do we need to make the session null or it will becom null automatically? and what about the userid of that session,becomes null? – user3485046 Apr 18 '14 at 08:44
  • Yes it becomes null. So we don't have to do it manually, it automatically `invalidate()` to session. – user3145373 ツ Apr 18 '14 at 08:58
  • thanks for the response So it means if i set the time in web.xml and check the condition if(session == null){ response.sendRedirect(request.getContextPath() + "/login.html"); } will redirect to login page after the session timeout? – user3485046 Apr 18 '14 at 09:49
  • Yes it will something like that. – user3145373 ツ Apr 18 '14 at 09:55