1

I have Java web application with two areas: public and private. I have configured session timeouts for both areas. After session timeout I need to redirect to another page.

If the session timeout is from public area, I need to redirect to home page and if the session timeout is from private area, I need to redirect to another page with a message "Your session has timed out !! " How can I do that ?

Krishnanunni P V
  • 689
  • 5
  • 18
  • 32

3 Answers3

0

Well I do not know, what libraries or framework you use, but in general, you can simulate events in Java by using Observer pattern : http://en.wikipedia.org/wiki/Observer_pattern

Your "redirection" logic will be Observer, you register it in session logic, and you notify it, when something happend to session.

libik
  • 22,239
  • 9
  • 44
  • 87
0

I'd suggest you to create HTTP filter for this purpose. This filter is mapped to private zone of your site and does the following:

  1. Checks whether session is expired HttpServletRequest.getSession(false)
  2. if it is expired redirects user to the login page.
AlexR
  • 114,158
  • 16
  • 130
  • 208
  • I already have a filter common for public and private zone. Currently in that filter I'm redirecting to a single page on session timeout. How can I differentiate the public and private zone and then redirect to respective pages ? – Krishnanunni P V Feb 19 '15 at 13:49
  • I'd suggest you to do this using different URLs. For example put ll public resources under `public` directory and all private under `private` directory. Then map your filter to private directory only using `filter-mapping` tag in `web.xml`. – AlexR Feb 19 '15 at 15:01
  • You can continue with your filter... use the request#getRequestURI () to test whether the URI matches the URI of public or private page and make the appropriate redirects.. – Lucas Oliveira Feb 19 '15 at 17:10
  • @LucasOliveira, programmatic filtering is good too, but IMHO declarative solution is more modular and allows better code reuse. – AlexR Feb 19 '15 at 17:15
  • @AlexR In my case I'm not suppose to change the URL because it is already under google tracking. Is there any other way to do this ? – Krishnanunni P V Feb 20 '15 at 06:03
  • @KrishnanunniPV, why do you think that I suggest you to change URL? Server side redirect is your friend. The URL in client browser remains the same but the control in server side is redirected to other page. – AlexR Feb 20 '15 at 13:03
0

HttpSessionListener#sessionDestroyed() will be called if you have your HttpSessionListener listener configured in your DD.

You can do based on this method call.

Saravana
  • 12,647
  • 2
  • 39
  • 57