thanks a lot John thats what i needed.
thanks to Duong BaTien too - i gonna try your way in next project when having more time...
Slawek
I'm using something similar to the following in my "SessionExpiredFilter". It checks the session ID provided by the browser (whether from the cookie or from URL rewriting) and if one is provided and it isn't valid, it redirects to a page that is provided as a configuration parameter to the filter. Initially, I had it doing a forward instead of a redirect, but, then I realized that it would skip any filters that come after that filter, so, I decided to make it do a redirect instead. The code I'm using is a little different than this because I have some tweaks in it so that it works with Tomcat integrated security and a separate login page that I have which is shared between applications.
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest hsr = (HttpServletRequest)request;
HttpServletResponse hsr2 = (HttpServletResponse)response;
HttpSession hs = hsr.getSession();
if((hsr.getRequestedSessionId() != null && hsr.isRequestedSessionIdValid() == false)) {
String queryString = hsr.getQueryString();
hsr2.sendRedirect(page + (queryString == null ? "" : "?" + queryString));
}
else {
chain.doFilter(request, response);
}
}
Jon
