It is important to make a difference between a user session and a HTTP
session. Many user sessions on the same browser instance will be just one
HTTP session. session.setMaxInactiveInterval allows U to set a idle
timeout(timeout between 2 successive requests) on the HTTP session. One way
to handle User session timeout is as follows:
1. When user logs in store his login time in the session allocated to him
using session.set("LOGIN_TIME", new Long(System.currentTimeMillis())). Note
: capture login time in milliseconds.
2. Everytime the user makes a request , write a helper method which does a
check like -
if( System.currentTimeMillis() -
((Long)session.get("LOGIN_TIME")).longValue() >= SESSION_TIMEOUT ) {
// Do whatever U want to do , fo eg. re-direct user to the "Login"
page again.
}
Hope this helps.
-----Original Message-----
From: Alan Meyer [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 20, 2002 12:43 AM
To: [EMAIL PROTECTED]
Subject: Re: session timeout setting
Yong How showed how to do this by setting a value in the web.xml
configuration file.
Another way to do it is is to make the following method call inside
the application (allowing different intervals for different
purposes):
session.setMaxInactiveInterval (...)
where ... is the number of seconds between interactions after which a
timeout should occur. For two hours, you'd use 7200.
You can set this in the login JSP page.
Also, instead of reading the cookie, you might have a look at
session.getId(), which should work with cookies or with URL re-
writing, and session.isNew().
If I remember correctly, there might have been problems with these in
Tomcat 3.x series that were fixed in 4.x.
Alan
> -----Original Message-----
> From: A mailing list about Java Server Pages specification and
> reference [mailto:[EMAIL PROTECTED]]On Behalf Of Kenny G.
> Dubuisson, Jr. Sent: Wednesday, 18 December, 2002 12:11 AM To:
> [EMAIL PROTECTED] Subject: session timeout setting
>
>
> I have a site written in JSP that uses session info to validate user's
> sessions. I want to change the default timeout of the session from 60
> mins but I'm not sure what is controlling this or how/where to change
> it. Here is more info to help figure this out...if anyone has any
> ideas I would greatly appreciate it.
>
> My initial JSP page has a login which, when validated, sets a cookie
> that stores the session ID. Every page thereafter, upon initial load,
> checks the current session ID against this cookie and if they don't
> match, the user is directed to re-login. My users want a longer
> timeout but I'm not sure where to control this (maybe this question is
> for the Tomcat list....I just don't know).
>
--
Alan Meyer
AM Systems, Inc.
Randallstown, MD USA
[EMAIL PROTECTED]
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://archives.java.sun.com/jsp-interest.html
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.jsp
http://www.jguru.com/faq/index.jsp
http://www.jspinsider.com
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://archives.java.sun.com/jsp-interest.html
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.jsp
http://www.jguru.com/faq/index.jsp
http://www.jspinsider.com
