Although this approach might work, I don't like it so much.  The reasons:

1) Maintainability: if you want to change the timeout to 30 minutes (and
you have 50 jsp pages), then you have to make the change 50 times.

2) Business Logic: This approach will never prevent you Action from
executing.  Since you have to go through an action to reach the jsp page,
when the *page* reloads, you are actually reloading the action first. 
Having said that, if your action does something that should only be
executed if your session has not expired, your approach will not work.

A combination of using a filter & session-config (in web.xml) solves both
problems above.  How?

1) You only have to change the session timeout setting in one place.

2) Your filter is executed before anything else.  Hence, you never have to
worry about an action being executed unintentionally.

Aladin



> That's easy, just drop this in all of your JSPs (preferrably via an
> include
> or let a filter do it for you).
>
> (assuming your session timeout is 20 minutes)
>
> <meta http-equiv="refresh" content="1200;/">
>
> You should be handling invalid/expired session state in your application
> and
> by using the above technique, it will work universally, whether you are
> managing sessions from your actions, CMS, or some other service outside of
> the conatiner, such as a product like SiteMinder by Netegrity.
>
> This will _force_ the browser to do a refresh of the page after 1200
> seconds
> (20 minutes), which will allow your app to handle the request (from a now
> expired session) the same as it would if the user had initiated the
> request
> giving a hint of being on a rich client where such events are easily
> handled.
>
>
>
>
> --
> James Mitchell
> Software Engineer / Open Source Evangelist
> Consulting / Mentoring / Freelance
> EdgeTech, Inc.
> http://www.edgetechservices.net/
> 678.910.8017
> AIM:   jmitchtx
> Yahoo: jmitchtx
> MSN:   [EMAIL PROTECTED]
>
>
>
>
> ----- Original Message -----
> From: "Adam Lipscombe" <[EMAIL PROTECTED]>
> To: "'Struts Users Mailing List'" <user@struts.apache.org>
> Sent: Thursday, May 12, 2005 6:19 AM
> Subject: Best practice for redirecting on session timeout?
>
>
>> Folks,
>>
>>
>> I there a standard way of handling session timeouts. If a user has been
>> inactive for longer than N minutes I want to redirect them to the login
>> page.
>>
>> It occurs to me that this could be done in a) the RequestProcessor or b)
>> in
>> an JSP include.
>>
>>
>> Is there another way?
>> What is best practice?
>>
>>
>> TIA - Adam
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to