Java – Auto Log Off once the session expires

jakarta-eejavaservlets

Our application logs off after 30 min and gets redirected to login page,i am specifying session timeout in web.xml and using a requestProcessor for redirecting.I want to show to the user a message saying your session got expired once the session expires,how can i do that.Auto log off ?
I would like to prompt the error message on the page"The session is timeout, please login again" . Then how could I detect the session is timeout? will any methods trigger automatically?

Best Answer

Create an activity checker which checks every minute if any user activity has taken place (mouseclick, keypress) and performs a heartbeat to the server side to keep the session alive when the user is active and does nothing when the user is not active. When there is no activity for 30 minutes (or whatever default session timeout is been set on server side), then perform a redirect.

Here's a kickoff example with little help of jQuery to bind click and keypress events and fire ajax request.

<script src="http://code.jquery.com/jquery-latest.min.js"></script>
<script>
    $(document).ready(function() {
        $.active = false;
        $('body').bind('click keypress', function() { $.active = true; });
        checkActivity(1800000, 60000, 0); // timeout = 30 minutes, interval = 1 minute.
    });

    function checkActivity(timeout, interval, elapsed) {
        if ($.active) {
            elapsed = 0;
            $.active = false;
            $.get('heartbeat');
        }
        if (elapsed < timeout) {
            elapsed += interval;
            setTimeout(function() {
                checkActivity(timeout, interval, elapsed);
            }, interval);
        } else {
            window.location = 'http://example.com/expired'; // Redirect to "session expired" page.
        }
    }
</script>

Create a Servlet which listens on /heartbeat and does basically just the following:

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) {
    request.getSession();
}

to keep the session alive.

When you store the logged-in user in the session, it will be "automagically" logged out whenever the session expires. So you don't need to manually logout the user.

Related Solutions

Java – How to disable redirection to login page in JBoss, when the session expires

Remove section, and AS will have no idea where to send your user. Your request will go through your filter, and it will do its work.

You'll have to handle login form explicitly too, but this is not a rocket science.

Java – Display message after session timeout

I found a number of solutions to this problem by entering the following in to Google:

"Java session expired message"

Here's one solution copied from the web:

Create a SessionTimeout.java filter and assign the filter a /app/*.jsp pattern in the web.xml file. This will cause my filter to be called on every request (ie When the user hits the button after 30 minutes). Exclude the main page (login/login.jsp) from this filter so a new session can be established. The code for the filter is very simple:

public class SessionTimeout implements Filter{
   RequestDispatcher rd = null;

  public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
   throws IOException, ServletException{
      HttpServletRequest req = (HttpServletRequest)request;
      HttpSession session = req.getSession();

   // New Session so forward to login.jsp
   if (session.isNew()){
     requestDispatcher = request.getRequestDispatcher("/login/login.jsp");
     requestDispatcher.forward(request, response);
  }

  // Not a new session so continue to the requested resource
   else{
      filterChain.doFilter(request, response);
  }
}

public void init(filterConfig arg) throws ServletException{}
public void destroy(){}

}

Best Answer

Related Solutions

Java – How to disable redirection to login page in JBoss, when the session expires

Java – Display message after session timeout

Related Topic