Renato, Did you ever receive a response to this? I'm having the same problem.
My current problem is slightly more complicated though. I have my application protected using container based security, but, I also have single-sign on enabled. So, the user doesn't get redirected back to the login page when the session times out. Previously, I used to make it so that if the session had expired (detected by my main JavaBean not being present (I was never able to figure out how to determine whether it was a new session or one that had expired and hence couldn't display an error message in the later case)), I'd just redirect the user back to the first page of my application. However, now, I'm using JavaServer Faces. As a result, I'm not the one implementing the controller part of my application, JSF is. Someone mentioned something about using HttpSessionListener. I don't see how that can work because you don't have a handle to the request and response. Is there a standard way of handling session timeouts? All I want to do is detect when a session has timed out for a user and display a page stating such when the user makes a request after the session has timed out. It seems like this should be a straight forward thing to do. Am I missing something? Jon ----- Original Message ----- From: "Renato Romano" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Tuesday, March 02, 2004 3:31 AM Subject: Session Timeout and "Direct Reference to login page" > I have two problems i'm facing with every web application using > declarative security model, that is: > > 1) Detect that the user session has expired, and forward him to an > appropriate login page; Usually we build webapp in which the home page > shows a login form; to handle this, I use to make a "index.jsp" page > which redirects the user to a protected page; this is handled by the > container which then shows my login page (as specified in web.xml) that > is my HOME page. With this approach however, I can't detect session > expirying, so if the session times out, the user is presented with the > HOME page (the login > page) without further notice or advice!! I tried to solve this with a > filter, but it seems the container (Tomcat 4.1.127 inside Jboss) > forwards to the login page without calling the filter. > > 2) If the user waits too long reading the home/login page, the sessions > times out, Tomcat looses the reference to the previously requested > protected page, and on login shows an "Invalid Direct refernce to form > login page" error. Again a filter seem not to be useful in this case, > since Tomcat commits the error without calling the filter!! > > Any help or hint on this topic is very, very appreciated > > Renato > > > ____________________________________ > Renato Romano > Sistemi e Telematica S.p.A. > Calata Grazie - Vial Al Molo Giano > 16127 - GENOVA > > e-mail: [EMAIL PROTECTED] > Tel.: 010 2712603 > _____________________________________ > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
