How does your system know to send the user to the login page in the first
place?

Typically an application (or the container if you are letting it manage
authentication) detectes that a request is made with no session/an invalid
session/a new session. It then sends the user to the login page.

Assuming your security is managed in such a way then you will just need to
set the session timeout in web.xml to make this happen. This will inavlidate
the session after a specified period of inactivity, so the next request that
is made will be with an invalid session id/new session - so the login page
will be displayed.

Paul


> -----Original Message-----
> From: Adam Lipscombe [mailto:[EMAIL PROTECTED]
> Sent: 2005/12/05 11:19
> To: 'Struts Users Mailing List'
> Subject: Best practice for redirecting on session timeout?
> 
> 
> Folks,
> 
> 
> I there a standard way of handling session timeouts. If a 
> user has been
> inactive for longer than N minutes I want to redirect them to 
> the login
> page.
> 
> It occurs to me that this could be done in a) the 
> RequestProcessor or b) in
> an JSP include.
> 
> 
> Is there another way? 
> What is best practice?
> 
> 
> TIA - Adam
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

Axios Email Confidentiality Footer
Privileged/Confidential Information may be contained in this message. If you 
are not the addressee indicated in this message (or responsible for delivery of 
the message to such person), you may not copy or deliver this message to 
anyone. In such case, you should destroy this message, and notify us 
immediately. If you or your employer does not consent to Internet email 
messages of this kind, please advise us immediately. Opinions, conclusions and 
other information expressed in this message are not given or endorsed by my 
Company or employer unless otherwise indicated by an authorised representative 
independent of this message.
 
WARNING:
While Axios Systems Ltd takes steps to prevent computer viruses from being 
transmitted via electronic mail attachments we cannot guarantee that 
attachments do not contain computer virus code.  You are therefore strongly 
advised to undertake anti virus checks prior to accessing the attachment to 
this electronic mail.  Axios Systems Ltd grants no warranties regarding 
performance use or quality of any attachment and undertakes no liability for 
loss or damage howsoever caused.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to