Getting ready to leave so don't have time to look at your code but my doFilter looks like...

//doFilter ...

String path = request.getRequestURL().toString();
String contextPath = request.getContextPath();
if (pathNeedsCheck(path)) {
HttpSession session = request.getSession(false);
if (session == null) {
response.sendRedirect(contextPath+"/sessionTimeOut.jsp");
return;
}
}
private boolean pathNeedsCheck(String path) {
//returns true if none of these paths found
boolean needsCheck = path.indexOf("/index.jsp") == -1 && path.indexOf("/logout.jsp") == -1 && path.indexOf("/entry") == -1 && path.indexOf("/sessionTimeOut.jsp") == -1;
return needsCheck;
}


I'm sure there are much better ways than hardcoding the paths like I did above that I didn't want the session time out to check, but the above works at least.

It's also nice to include what James said to force the browser to refresh that equals your session time out time, so that, like he said, when the user comes back from a long lunch they are brought to the session timed out page, vs thinking they can click on something and then being brought to the session timed out page. Just more graceful in my opinion to add this. Usually your session time out page could just be the login page with a message there about how you have timed out.. bla bla blah.


Adam Lipscombe wrote the following on 5/13/2005 6:19 AM:
Folks


Many thanks for all your input on this. I decided to go with the filter approach. My doFilter() method is below. I certainly traps the timeout.

The problem now is that the redirect fails no matter if I use
"/pages/SessionTimedOut.jsp" or a fully qualified URL (e.g
"http://localhost:8080/ExpenSysWT/pages/SessionTimedOut.jsp";)


The error message that is logged is: "failed to set redirect, msg = null"


Any help much appreciated


TIA -Adam






----------------------

  public void doFilter(ServletRequest request,
                       ServletResponse response,
                       FilterChain chain)
  {
    HttpServletRequest  httpServletRequest = (HttpServletRequest) request;
    HttpServletResponse httpServletResponse = (HttpServletResponse)
response;
    HttpSession httpSession = httpServletRequest.getSession();

    boolean sessionTimedOut = false;

    try
    {
      if (false == httpServletRequest.isRequestedSessionIdValid())
      {
        sessionTimedOut = true;
      }
      else
      {
        String requestedAction = httpServletRequest.getRequestURI();
        if (false == requestedAction.endsWith(StrutsConstants.LOGIN_ACTION))
        {
          if (null != httpSession)
          {
            if (null == httpSession.getAttribute(Constants.SESSION_CONTEXT))
            {
              sessionTimedOut = true;
            }
          }
        }
      }

      if (true == sessionTimedOut)
      {
        logger.warning("session timed out");
        httpServletResponse.sendRedirect("/pages/SessionTimedOut.jsp");
      }

      chain.doFilter(request, response);

    }
    catch (Exception ex)
    {
      String msg = "failed to set redirect, msg = " + ex.getMessage();
      logger.severe(msg);
    }
  }


--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]



--
Rick

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Reply via email to