It's too bad there isn't a <session-timeout-page> element that you can put in web.xml kind of like the <error-page> element...
Jon ----- Original Message ----- From: "Jonathan Eric Miller" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, May 19, 2004 2:58 PM Subject: Re: Session Timeout and "Direct Reference to login page" > Renato, > > Did you ever receive a response to this? I'm having the same problem. > > My current problem is slightly more complicated though. I have my > application protected using container based security, but, I also have > single-sign on enabled. So, the user doesn't get redirected back to the > login page when the session times out. > > Previously, I used to make it so that if the session had expired (detected > by my main JavaBean not being present (I was never able to figure out how to > determine whether it was a new session or one that had expired and hence > couldn't display an error message in the later case)), I'd just redirect the > user back to the first page of my application. However, now, I'm using > JavaServer Faces. As a result, I'm not the one implementing the controller > part of my application, JSF is. > > Someone mentioned something about using HttpSessionListener. I don't see how > that can work because you don't have a handle to the request and response. > > Is there a standard way of handling session timeouts? > > All I want to do is detect when a session has timed out for a user and > display a page stating such when the user makes a request after the session > has timed out. It seems like this should be a straight forward thing to do. > Am I missing something? > > Jon > > ----- Original Message ----- > From: "Renato Romano" <[EMAIL PROTECTED]> > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > Sent: Tuesday, March 02, 2004 3:31 AM > Subject: Session Timeout and "Direct Reference to login page" > > > > I have two problems i'm facing with every web application using > > declarative security model, that is: > > > > 1) Detect that the user session has expired, and forward him to an > > appropriate login page; Usually we build webapp in which the home page > > shows a login form; to handle this, I use to make a "index.jsp" page > > which redirects the user to a protected page; this is handled by the > > container which then shows my login page (as specified in web.xml) that > > is my HOME page. With this approach however, I can't detect session > > expirying, so if the session times out, the user is presented with the > > HOME page (the login > > page) without further notice or advice!! I tried to solve this with a > > filter, but it seems the container (Tomcat 4.1.127 inside Jboss) > > forwards to the login page without calling the filter. > > > > 2) If the user waits too long reading the home/login page, the sessions > > times out, Tomcat looses the reference to the previously requested > > protected page, and on login shows an "Invalid Direct refernce to form > > login page" error. Again a filter seem not to be useful in this case, > > since Tomcat commits the error without calling the filter!! > > > > Any help or hint on this topic is very, very appreciated > > > > Renato > > > > > > ____________________________________ > > Renato Romano > > Sistemi e Telematica S.p.A. > > Calata Grazie - Vial Al Molo Giano > > 16127 - GENOVA > > > > e-mail: [EMAIL PROTECTED] > > Tel.: 010 2712603 > > _____________________________________ > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]