CODEWITHSUNDEEP
javasessionservletsweb.xml
user3485046
user3485046

Reputation: 1

Session timeout not happening

What are the steps to identify the session has timed out and to redirect it,i hav tried by giving session-timeout as 1 min in web.xml,whether that makes session to timout?

for redirecting in filter:

if (request.getRequestedSessionId() != null   && !request.isRequestedSessionIdValid()) 
        response.sendRedirect(request.getContextPath() + "/login.html");
                    return;
    }
    else {
        response.setHeader("Cache-Control", "no-cache, no-store, must-       revalidate"); // HTTP 1.1.
        response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        response.setDateHeader("Expires", 0);
        filterChain.doFilter(servletRequest, servletResponse);
    }

but it not redirecting to login page,what am i missing here?

one more clarification needed is : does url-pattern tag in web.xml should hav the redirection page address?

<filter-mapping>
    <filter-name>SessionTimeoutCookieFilter</filter-name>
    <url-pattern>login.html</url-pattern>
</filter-mapping>

any suggestion on this please....

Upvotes: 0

Views: 1564

Answers (3)

Mitul Maheshwari
Mitul Maheshwari

Reputation: 2647

It is very Simple.
Add Following code into your SessionTimeoutCookieFilter 

    HttpSession session = request.getSession(false);
        if (null == session) {
            response.sendRedirect("index.jsp");
        }

And also change your url patern , something like i have used :-

<filter>
<filter-name>SessionFilter</filter-name>
 <filter-class>
    net.SessionFilter
</filter-class>
<init-param>
    <param-name>avoid-urls</param-name>
    <param-value>index.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
 <filter-name>SessionFilter</filter-name>
 <url-pattern>/*</url-pattern>
 </filter-mapping>

Upvotes: 1

user3145373 ツ
user3145373 ツ

Reputation: 8146

<session-config>
    <session-timeout>15</session-timeout>
</session-config>

or you can do using Java Code :

session.setMaxInactiveInterval(15 * 60); //15 minutes

The HttpSession#setMaxInactiveInterval() doesn't change much here by the way. It does exactly the same as <session-timeout> in web.xml, with the only difference that you can change/set it programmatically during runtime. The change by the way only affects the current session instance, not globally (else it would have been a static method).

<session-config>
    <session-timeout>-1</session-timeout>
</session-config>

You can use -1 where the session never expires. Since you do not know how much time it will take for the thread to complete.

Upvotes: 0

Rookie007
Rookie007

Reputation: 1219

Try this in your web.xml if you are using Apache Tomcat 

         <session-config>
            <session-timeout>30</session-timeout>
        </session-config>

Upvotes: 1

Related Questions