How does your system know to send the user to the login page in the first place?
Typically an application (or the container if you are letting it manage authentication) detectes that a request is made with no session/an invalid session/a new session. It then sends the user to the login page. Assuming your security is managed in such a way then you will just need to set the session timeout in web.xml to make this happen. This will inavlidate the session after a specified period of inactivity, so the next request that is made will be with an invalid session id/new session - so the login page will be displayed. Paul > -----Original Message----- > From: Adam Lipscombe [mailto:[EMAIL PROTECTED] > Sent: 2005/12/05 11:19 > To: 'Struts Users Mailing List' > Subject: Best practice for redirecting on session timeout? > > > Folks, > > > I there a standard way of handling session timeouts. If a > user has been > inactive for longer than N minutes I want to redirect them to > the login > page. > > It occurs to me that this could be done in a) the > RequestProcessor or b) in > an JSP include. > > > Is there another way? > What is best practice? > > > TIA - Adam > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Axios Email Confidentiality Footer Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message, and notify us immediately. If you or your employer does not consent to Internet email messages of this kind, please advise us immediately. Opinions, conclusions and other information expressed in this message are not given or endorsed by my Company or employer unless otherwise indicated by an authorised representative independent of this message. WARNING: While Axios Systems Ltd takes steps to prevent computer viruses from being transmitted via electronic mail attachments we cannot guarantee that attachments do not contain computer virus code. You are therefore strongly advised to undertake anti virus checks prior to accessing the attachment to this electronic mail. Axios Systems Ltd grants no warranties regarding performance use or quality of any attachment and undertakes no liability for loss or damage howsoever caused. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
