I've solved this problem in another way:
- I've not used javax.faces.STATE_SAVING_METHOD
- In my web.xml I've used: session-timeout = 20
- In my loginForm:
- I've changed the form action from j_security_check to j_security_check.jsp by creating a JSP file.
- I've added a checkbox to the login form to know whether the user wants to stay connected or not.
- In my managedBean I check the KEEP_CONNECT value, to disable the timeout until manual disconnection: userSession.setMaxInactiveInterval(-1); or to keep the session longer (2 hours): userSession.setMaxInactiveInterval(7200);
The review:
web.xml

    <session-config>
        <session-timeout>20</session-timeout>
    </session-config>

loginForm

    <form method="post" action="/j_security_check.jsp">
        <input type="text" name="j_username">
        <input type="password" name="j_password">
        <input type="checkbox" name="j_remember">
    </form>
j_security_check.jsp

    <%@ page import="org.slf4j.Logger, org.slf4j.LoggerFactory" %>
    <%! // Declarations the scriptlet below relies on (the page names them but did not declare them)
        private static final Logger logger = LoggerFactory.getLogger("j_security_check");
        private static final String KEEP_CONNECT = "KEEP_CONNECT";
        private static final String HOME_PAGE  = "/home.xhtml";       // placeholder path
        private static final String ERROR_PAGE = "/loginError.xhtml"; // placeholder path
        private static final String LOGIN_PAGE = "/login.xhtml";      // placeholder path
    %>
    <%
        // Have we already authenticated someone?
        if (request.getUserPrincipal() == null) {
            String j_username = request.getParameter("j_username");
            String j_password = request.getParameter("j_password");
            String j_remember = request.getParameter("j_remember");
            try {
                // Servlet 3.0 programmatic login against the container's realm
                request.login(j_username, j_password);
                // A checkbox without a value attribute is submitted as "on" only when ticked
                if ("on".equals(j_remember)) {
                    session.setAttribute(KEEP_CONNECT, true);
                } else {
                    session.setAttribute(KEEP_CONNECT, false);
                }
                logger.debug("Authentication of '" + request.getUserPrincipal() + "' was successful.");
                response.sendRedirect(request.getContextPath() + HOME_PAGE);
            } catch (Exception ex) {
                // message first, throwable last: the original call had the arguments swapped
                logger.error("Authentication failed.", ex);
                response.sendRedirect(request.getContextPath() + ERROR_PAGE);
            }
        } else {
            logger.debug("Already authenticated '" + request.getUserPrincipal() + "'.");
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
        }
    %>
SessionManagedBean

    import javax.faces.context.ExternalContext;
    import javax.faces.context.FacesContext;
    import javax.servlet.http.HttpSession;

    private static final String KEEP_CONNECT = "KEEP_CONNECT";

    private void initTimeOut() {
        ExternalContext ctx = FacesContext.getCurrentInstance().getExternalContext();
        String login = ctx.getUserPrincipal().getName();
        // The underlying servlet session; false = do not create one if it is missing
        HttpSession userSession = (HttpSession) ctx.getSession(false);
        // Boolean.TRUE.equals() avoids the NullPointerException a (boolean) cast throws
        // when the attribute was never set (e.g. login did not go through the JSP)
        boolean keepConnected = Boolean.TRUE.equals(ctx.getSessionMap().get(KEEP_CONNECT));
        logger.debug(login + " IN > " + userSession.getMaxInactiveInterval());
        logger.debug(" keepConnected ? = " + keepConnected);
        if (keepConnected) {
            // keep this session and disable the timeout until manual disconnection
            userSession.setMaxInactiveInterval(-1);
        }
        logger.debug(login + " OUT > " + userSession.getMaxInactiveInterval());
    }
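The same "remember me via session timeout" idea as a plain servlet, written as an added example rather than code from the answer above. It assumes a Servlet 3.1 container (for `changeSessionId()`), and the servlet path, redirect targets and the `KEEP_CONNECT` attribute name are placeholders. Two things it does differently from the JSP: it rotates the session id once the principal is established, so a session id handed out before login does not survive into the authenticated session, and it uses the answer's bounded 2-hour lifetime for the remembered case instead of `-1`, because `-1` keeps the session, and any cookie that carries it, valid until an explicit logout or a container restart.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Programmatic-login servlet standing in for j_security_check.jsp.
 * The mapping, page paths and attribute name are assumptions for this example.
 */
@WebServlet("/login")
public class LoginServlet extends HttpServlet {

    static final String KEEP_CONNECT = "KEEP_CONNECT";
    static final int DEFAULT_TIMEOUT_SECONDS  = 20 * 60;      // the web.xml value: 20 minutes
    static final int REMEMBER_TIMEOUT_SECONDS = 2 * 60 * 60;  // the "2 hours" variant from the answer
    static final String HOME_PAGE  = "/home.xhtml";           // placeholder
    static final String ERROR_PAGE = "/loginError.xhtml";     // placeholder

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (request.getUserPrincipal() != null) {
            // already authenticated: request.login() would throw, so just send the user on
            response.sendRedirect(request.getContextPath() + HOME_PAGE);
            return;
        }
        String username = request.getParameter("j_username");
        String password = request.getParameter("j_password");
        // an unticked checkbox is simply absent from the request
        boolean remember = "on".equals(request.getParameter("j_remember"));

        try {
            // Servlet 3.0: authenticate against the container realm configured for the app
            request.login(username, password);
        } catch (ServletException ex) {
            // bad credentials: one generic failure page, no hint about which field was wrong
            response.sendRedirect(request.getContextPath() + ERROR_PAGE);
            return;
        }

        // getSession() creates the session if there is none yet; changeSessionId() then
        // issues a new id so the pre-login id is no longer accepted for this session
        HttpSession session = request.getSession();
        request.changeSessionId();

        session.setAttribute(KEEP_CONNECT, remember);
        // bounded lifetime in both cases; see the note above on why -1 is avoided here
        session.setMaxInactiveInterval(remember ? REMEMBER_TIMEOUT_SECONDS : DEFAULT_TIMEOUT_SECONDS);

        response.sendRedirect(request.getContextPath() + HOME_PAGE);
    }

    /** The "manual disconnection" the answer refers to: drop the principal and the session. */
    static void logout(HttpServletRequest request) throws ServletException {
        request.logout();
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}
```

Keep the form's `action` pointing at the servlet mapping (`/login` here) rather than at `j_security_check`, since that name is reserved for the container's own FORM-auth handling; the checkbox and field names from the answer's form work unchanged.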