Hi, That's scary :). I would never trust javascript for session management. What happens if javascript is turned off? The user is not allowed to use your app?
Your requirement can definetly be met on the server-side. Here's a possible scenario. You can create you a timer class (running in a seperate thread) which iterates through your active sessions. Each session would be wrapped in an object stored in a session manager. Each wrapped object contains the *last activity time* and is used to compare with the current system time. If the time elapsed is greater than what you allow for an inactive session, then you can set a flag in the session to redirect to an action which alerts the user to click on *X* to continue. If the user clicks on *X* then the session is reset. Otherwise the session is explicitly timedout in the session manager. Of course, the timer would be the main player here. It would be dispatched on every second (or whatever time interval you choose). This is just one "off-the-cuff" approach, but it should work... even when javascript is turned off. It also give you much more power than the javascript approach. For one, you can track where your users are spending most of their time. In addition, you can also manipulate the alert page and pass more information to the user. Hope this helps. Aladin > In our application we handle user inactivity using a javascript timer on > the > client side. > The requirement we had was to issue a warning message if the user has not > typed > or clicked anything for some period of time. What we do is once the > javascript timer expires we post a message which the user can click on to > reactivate the timer. Otherwise the user's session is invalidated by > sending > a request to some > action class on the server. > > I was wondering if such a requirement can be handled on the server side? > > > -----Original Message----- > From: Aladin Alaily [mailto:[EMAIL PROTECTED] > Sent: Thursday, May 12, 2005 8:32 AM > To: Struts Users Mailing List > Subject: Re: Best practice for redirecting on session timeout? > > > Hi Adam, > > One possibility is to have the timing out of the session be managed by > your container and have the redirection issued by a filter. > > If you are using Tomcat 4+ this is very straightforward to implement. > In the web.xml, you declare your session-timeout value and your filter > class. After having declared your filter, you need to map it to a uri > for which it will be applied. > > Aladin > > > > Adam Lipscombe wrote: >> Folks, >> >> >> I there a standard way of handling session timeouts. If a user has been >> inactive for longer than N minutes I want to redirect them to the login >> page. >> >> It occurs to me that this could be done in a) the RequestProcessor or b) > in >> an JSP include. >> >> >> Is there another way? >> What is best practice? >> >> >> TIA - Adam >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
