struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Justin Ashworth" <>
Subject Re: Struts and session
Date Tue, 17 Dec 2002 14:51:02 GMT
Hi Doug,

We use a javax.servlet.Filter to check for an expired session.  I found this
idea on some website or in the Struts-User archives and it makes the most
sense to me.  All requests go through the filter before they hit the
servlet, so this is the perfect place to check for whether or not a user is
logged in - it's hidden away and it's executed before anything else.  Just
create a class that implements javax.servlet.Filter.  There are three
methods to implement in this class, but the real work will be done in the
doFilter() method.  In doFilter() you can call
request.getSession().getAttribute("someAttribute") on an attribute that
should always be there if the session is valid, and if it's not there
forward them to the login screen (this will be a RequestDispatcher.forward()
and not a Struts ActionForward). Your doFilter() method will be specific to
your application, but the other two methods you need to implement,
getFilterConfig() and setFilterConfig() are just a basic getter and setter
for a FilterConfig member variable.  Also, it is good practice that if you
aren't forwarding back to the login page in your doFilter method, you call
filterChain.doFilter(request, response).  filterChain is a parameter to this
method and represents a chain of filters you have configured in your web.xml
file.   See the JavaDoc for more info. Your entry for the filter in your
web.xml file will look something like this:



If you plan well you should also be able to figure out which page the user
was heading to when their session timed out and pass that back to the login
screen so that they go directly to it after login.  I can't give an example
of this because we haven't implemented it yet.



----- Original Message -----
From: "Doug Ogateter" <>
To: "Struts Users Mailing List" <>
Sent: Tuesday, December 17, 2002 9:26 AM
Subject: Struts and session

> Greetings:
> I am using struts1.1b2 to implement a web application. I have a
> question regarding to implementing session timeout. When session is
> invalidated, user who has logged in the system should be forwarded to
login page.
> I am not clear about the followings, and hope someone can help me out.
> 1. Should I use request.getSession(false) to check if session is
> timeout? If so, that means for every request, it will check if session is
> invaildate. Will it cause performance problem? If not, which methods
> should I call to check it?
> 2. If I should use request.getSession(false) to check session timeout,
> where should I write the code? Should I write the code in every action
> class?
> 3. There are many methods related to session, such as getCreationTime,
> getLastAccessedTime,..Where and how should I use them in the
> implementation?
> 4.From my understanding, I can set timeout in web.xml or use
> setMaxInactiveIterval(int ..). Usually which way should be use?
> 5. After user login, I want to forward the user to the page where he
> was when session timeout. Where should I save the information(with the
> information, I know where I should forward the user to)?
> I searched the archive. However, it seems that I can't find the
> specific info.
> Your help is highly appreicated.
> Doug
> ---------------------------------
> Post your free ad now! Yahoo! Canada Personals

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message