In any web application ,if the user session gets expired we will be redirecting to a jsp page indicating the user that the session has been time out.There are two scenerios for this.
(1)Redirecting to a JSP page after the session gets expired and only if the user performs any action :
we normally set the session activation time by adding a below entry in the web.xml file as shown below.
So by the above entry in web.xml,the the application session will be active for the maximum of 1 hr without user doing any operation or actions.If the user click or do any operation which submits the form to the sever after this 60 min of no activity by the user,we need to redirect to a JSP page indicating the user that the session has been time out.We can do this by adding the below code in the servlet
But the above approach is tedious as we need to include the above code in all our servlets.The Best approach will be to use Fileters like below
Also map the Fiter in web.xml as shown below
So all the request of URL pattern *.do will call the session filter prior to the servlets mapped to it
Note:Make sure that the URL pattern for the login page doesnt call the above filter as the session will be always new while the user hits the login page.
(2)Redirecting to a JSP Page automatically after the session gets expired:
There will be some cases where we need to automatically redirect to the JSP if the user session gets expired without waiting for the user doing any action or operation.
One may think to use HttpSessionListener or HttpSessionActivationListener.But it doesn't solve the problem.The below HTML meta tag helps us to acheive this
session.getMaxInactiveInterval - will get the maximum inactive interval for the session which we set in the web.xml
Thus the current page will be refreshed to the jsp file(mentioned in URL), if the page is kept open for time specified in Content.
Note:Please use this Meta tag approach only if you have this requirement of redirecting to the JSP page automatically after the session the gets expired.Otherwise always use filters for the session check.
Related post:
(1)Redirecting to a JSP page after the session gets expired and only if the user performs any action :
we normally set the session activation time by adding a below entry in the web.xml file as shown below.
| <session-config> <session-timeout>60</session-timeout> </session-config> |
So by the above entry in web.xml,the the application session will be active for the maximum of 1 hr without user doing any operation or actions.If the user click or do any operation which submits the form to the sever after this 60 min of no activity by the user,we need to redirect to a JSP page indicating the user that the session has been time out.We can do this by adding the below code in the servlet
| HttpSession session = request.getSession(false);//Always return only the active sessin object ie if the session already exists if (session == null) { //redirect to login page } |
But the above approach is tedious as we need to include the above code in all our servlets.The Best approach will be to use Fileters like below
| public class SessionFilter implements Filter { private FilterConfig filterConfig; public void doFilter (ServletRequest request,ServletResponse response, FilterChain chain) { HttpSession session =null; HttpServletRequest req=(HttpServletRequest)request; HttpServletResponse res=(HttpServletResponse)response; try { session=req.getSession(false); if(session==null) { res.sendRedirect("/timeout.jsp"); //If the Active session is null ,we redirect to the timeout.jsp } chain.doFilter(request, response); } catch (IOException io) { System.out.println ("IOException raised in SimpleFilter"); } catch (ServletException se) { System.out.println ("ServletException raised in SimpleFilter"); } } public FilterConfig getFilterConfig() { return this.filterConfig; } public void setFilterConfig (FilterConfig filterConfig) { this.filterConfig = filterConfig; } public void init(FilterConfig arg0) throws ServletException { } } |
Also map the Fiter in web.xml as shown below
| <filter> <filter-name>sessionfilter</filter-name> <filter-class> com.filter.SessionFilter</filter-class> </filter> <filter-mapping> <filter-name>sessionfilter</filter-name> <url-pattern>*.do</url-pattern> </filter-mapping> |
So all the request of URL pattern *.do will call the session filter prior to the servlets mapped to it
Note:Make sure that the URL pattern for the login page doesnt call the above filter as the session will be always new while the user hits the login page.
(2)Redirecting to a JSP Page automatically after the session gets expired:
There will be some cases where we need to automatically redirect to the JSP if the user session gets expired without waiting for the user doing any action or operation.
One may think to use HttpSessionListener or HttpSessionActivationListener.But it doesn't solve the problem.The below HTML meta tag helps us to acheive this
| <meta http-equiv="refresh" content="<%=session.getMaxInactiveInterval%>;url=/timeout.jsp" /> |
session.getMaxInactiveInterval - will get the maximum inactive interval for the session which we set in the web.xml
Thus the current page will be refreshed to the jsp file(mentioned in URL), if the page is kept open for time specified in Content.
Note:Please use this Meta tag approach only if you have this requirement of redirecting to the JSP page automatically after the session the gets expired.Otherwise always use filters for the session check.
Related post:
good coding.Keep it up bro
ReplyDeleteawesome idea.. good job..
ReplyDeleteBut i see there could be a problem here, what if user have this page open and at the same time opens another link of this page in another tab and keep working on that. If this happens session would not expire, since he keeps working on the new one. When the user goes back to the old page it will timeout anyways and redirected
ReplyDeleteGood idea, Thanks so much!
ReplyDeleteThanks for good post! helpful!
ReplyDeleteI am getting error JBWEB000043: Cannot create a session after the response has been committed
ReplyDeletei also facing Cannot create a session after the response has been committed. can u suggest how to resolve
Deletemeta tag code not redirecting to timeout page
ReplyDelete