In my case, I don't just want to test for a timed out session. I want to see
if the session has timed out since the user has logged in.
So, when the user logs in, I add an object to the session (any object will
do). Then at the top of every servlet I test for the existence of that
object 'if(session.getAttribute("myObject") == null)'. If the object is null
then I know that the session has timed out since the user last logged in.
At that point, I forward to the session expired page which informs the user
that he/she must log back in.
It sounds like you're looking for something similar.
On Wednesday 19 May 2004 04:56 pm, Jonathan Eric Miller wrote:
> Thanks. I think option #1 is what I'm looking for. What I don't understand
> is what I need to do with the session listener though?
>
> I don't understand how to determine whether the new session is truly new,
> or if it's a new session because a previous session timed out. Could I use
> a filter and check the incoming session ID and if the session ID isn't in
> the list of session IDs that the server knows about, assume that it's an
> expired session?
>
> Does anyone have example source code on how to do this?
>
> Jon
>
> ----- Original Message -----
> From: "QM" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <[EMAIL PROTECTED]>
> Sent: Wednesday, May 19, 2004 3:16 PM
> Subject: Re: Session Timeout and "Direct Reference to login page"
>
> > On Wed, May 19, 2004 at 02:58:05PM -0500, Jonathan Eric Miller wrote:
> > : All I want to do is detect when a session has timed out for a user and
> > : display a page stating such when the user makes a request after the
>
> session
>
> > : has timed out. It seems like this should be a straight forward thing to
>
> do.
>
> > : Am I missing something?
> >
> > You could use a session listener and check its existence with a
> > filter... In other words:
> >
> > // filter pseudocode
> > if( null != session.getAttribute( "UserMarker" ) ){
> > // pass the req and resp down the filter chain
> > }else{
> > // forward() to a "your session timed out" page
> > }
> >
> > Is this what you're after?
> >
> > Option #2: have each page meta-refresh to the "your session timed out"
> > page (set the refresh value 1 or 2 seconds beyond the session timeout).
> > This is more intrusive, though: people don't typically like it when
> > their browser starts moving around when they didn't explicitly ask.
> >
> > -QM
> >
> > --
> >
> > software -- http://www.brandxdev.net
> > tech news -- http://www.RoarNetworX.com
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
--
Ben Souther
F.W. Davison & Company, Inc.
This e-mail message, and any accompanying documents, is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure, distribution or
copying is prohibited. If you are not the intended recipient, please
contact our office by email or by telephone at (508) 747-7261 and
immediately destroy all copies of the original message.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
