struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paananen, Tero" <Tero.Paana...@GTECH.COM>
Subject RE: How to differentiate between timed-out user and new user?
Date Wed, 09 Jul 2003 21:10:37 GMT
> I'm dealing with the issue of session timeout and I'm
> having trouble figuring out how I can tell when a user
> is making a request after their session has timed out.
> I'd like to present them with a message indicating that
> fact, rather than just assuming they're a new user and 
> sending them on to the login page.  Is there any way to 
> detect this?

Store the session ID the user is associated with
in the persistent user repository when the user
logs in. Clear it when the user logs out.

On every request, capture the session ID the browser
is sending you either as a cookie or a request parameter.

If the session has timed out, search the user repository
for the same session ID.

If you find one, you'll know the session has timed out
(user never logged out, so the session ID was not cleared).

If you don't find one (or there is no session ID sent
from the browser), it's a new user.


This email may contain confidential and privileged material for the sole use of the intended
recipient(s). Any review, use, retention, distribution or disclosure by others is strictly
prohibited. If you are not the intended recipient (or authorized to receive for the recipient),
please contact the sender by reply email and delete all copies of this message.  Also, email
is susceptible to data corruption, interception, tampering, unauthorized amendment and viruses.
We only send and receive emails on the basis that we are not liable for any such corruption,
interception, tampering, amendment or viruses or any consequence thereof.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message