Hi,
> I'm not actually sure you would ever really want to do this as proposed.
> It's easier to deal with this situation in the controller servlet as
already
> detailed by Craig et al when handling the loss of an authenticated
session.
> Namely, most sites involve some form of authentication (a login page) that
> when
> successful places a "marker" object in the HttpSession.
> On all subsequent requests the controller servlet tests for the presence
of
> the
> marker; if is not there then the controller performs an rd.forward() to
the
> login page.
> If the login example is not applicable I would imagine that the same
> approach can be
> adopted for any alternative scenario involving a test for object X and
> redirection
> to page Y if it fails.
<snip>
I think what he wanted was a way for it to automatically forward the user to
a page when the session timed out. What I do right now is include a "header"
on every JSP page. This header is mostly scriplet code and a bit of HTML
because we use a top menu button thingy, but I put a bit of code that does
exactly what you said. Thus, if a user is logged in and sits idle for x time
and the session times out, when they click a button that uses ANY /inside/
file (all the inside links point to /inside path) they are redirected back
to the outside home page and a text message is displayed telling them they
tried to access a resource or page that requires being logged in. But I also
mention if they are seeing the message and they were logged in, their
session timed out.
Like the original poster, I was also interested in a way to notify the
client that their session has expired. I think what he proposed sounded
good. When the session expires, each object in it that implements the
Listener, gets notified. The only problem is..can the specific object that
is used for testing of login be used to forward the browser to a new page? I
don't think it can..because the session times out on the server, but a
request might not have been sent to send a response back. Can you send a
page to a browser without a request coming in? I wouldn't think so...so this
may not be possible?
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
