---- Arvind Pandey <[EMAIL PROTECTED]> schrieb: > In my appln we have kept session time out as 2 minutes. > once we go to login page , an unknown session gets created for that page. > But I stay on the login page for more than 2 minutes without doing anything. > Then I enter username and password and press the login button. But till then > session has been expired and new session gets created and hence It comes > again to > the same login page through the filter we have written. From user point of > view it seems > as if user name and password fields gets cleared on click of login button. > > I want to keep session time out as 2 minutes for the applcation but > for login page > it should be something infinite so that it will not look like as all the > fields have > been cleared. > > Please suggest some soln for this particular scenario.
Two minutes seems extremely short for a session timeout. I think you'll regularly have users spending more time on filling out a page than that. However, no matter what the timeout, this is a common problem. The solution I've used before is to have either a frame or javascript periodically request a trivial page from the server. This keeps the session alive while that page is displayed in the user's browser. The javascript solution uses the "setTimer" method, plus XmlHttpRequest to fetch a "ping" page from the server every 60 seconds or so. Or an invisible frame can use the <meta> tag to refresh itself from a "ping" page on the server. For the login page, it is also possible to use javascript to force a redirect to a different page after a short period of time (less than the session timeout). This other page says "please click here to login" and takes the user to the login page. It is therefore certain that the session has not timed out when login occurs. This approach only works for a login page though. Regards, Simon
