1. Inside index.jsp, I put this:
<%session.setAttribute("VALIDSESSION", Boolean.TRUE);%>
2. At the top of each jsp file, I put this:
try{
Boolean validSession = (Boolean)session.getAttribute("VALIDSESSION");
} catch (Exception e) {
response.sendRedirect( "index.jsp" );
}This places a value in VALIDSESSION when index.jsp loads up and then checks to see if VALIDSESSION is still valid when each JSP file is loaded afterwards. If it is not valid then the user gets redirected back to index.jsp to start over.
I use JDBCRealm and FORM AUTH, so; when my session times out, I get sent to the login.jsp page, then after a successful login, j_security_check tries to send me to the page I originally requested when my session was still active. Since many pages rely on information stored in the session, errors will occur without this check.
To invalidate an active session, simply do this:
session.invalidate();
Hope this helps,
-- ******************************************* * Rick Roberts * * Advanced Information Technologies, Inc. * *******************************************
James Michelich wrote:
A quick question about invalidating sessions:
Is there a way to detect whether a session is still active without implementing some sort of login/logout scheme (i.e. is there some way to invalidate a session without explicit input from the user, other than simply letting it time out)?
Thanks,
James
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
