struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Reumann <strut...@reumann.net>
Subject Re: Best practice for redirecting on session timeout?[Scanned]
Date Fri, 13 May 2005 21:31:41 GMT
Getting ready to leave so don't have time to look at your code but my 
doFilter looks like...

//doFilter ...

String path = request.getRequestURL().toString();
String contextPath = request.getContextPath();
if (pathNeedsCheck(path)) {
    HttpSession session = request.getSession(false);
    if (session == null) {
      response.sendRedirect(contextPath+"/sessionTimeOut.jsp");
      return;
    }
}
private boolean pathNeedsCheck(String path) {
         //returns true if none of these paths found
         boolean needsCheck = path.indexOf("/index.jsp") == -1 && 
path.indexOf("/logout.jsp") == -1 && path.indexOf("/entry") == -1 && 
path.indexOf("/sessionTimeOut.jsp") == -1;
         return needsCheck;
     }

I'm sure there are much better ways than hardcoding the paths like I did 
above that I didn't want the session time out to check, but the above 
works at least.

It's also nice to include what James said to force the browser to 
refresh that equals your session time out time, so that, like he said, 
when the user comes back from a long lunch they are brought to the 
session timed out page, vs thinking they can click on something and then 
being brought to the session timed out page. Just more graceful in my 
opinion to add this. Usually your session time out page could just be 
the login page with a message there about how you have timed out.. bla 
bla blah.


Adam Lipscombe wrote the following on 5/13/2005 6:19 AM:
> Folks
> 
> 
> Many thanks for all your input on this. I decided to go with the filter
> approach.
> My doFilter() method is below. I certainly traps the timeout.
> 
> The problem now is that the redirect fails no matter if I use
> "/pages/SessionTimedOut.jsp" or a fully qualified URL (e.g
> "http://localhost:8080/ExpenSysWT/pages/SessionTimedOut.jsp")
> 
> 
> The error message that is logged is: "failed to set redirect, msg = null"
> 
> 
> Any help much appreciated
> 
> 
> TIA -Adam
> 
> 
> 
> 
> 
> 
> ----------------------
> 
>   public void doFilter(ServletRequest request,
>                        ServletResponse response,
>                        FilterChain chain)
>   {
>     HttpServletRequest  httpServletRequest = (HttpServletRequest) request;
>     HttpServletResponse httpServletResponse = (HttpServletResponse)
> response;
>     HttpSession httpSession = httpServletRequest.getSession();
> 
>     boolean sessionTimedOut = false;
> 
>     try
>     {
>       if (false == httpServletRequest.isRequestedSessionIdValid())
>       {
>         sessionTimedOut = true;
>       }
>       else
>       {
>         String requestedAction = httpServletRequest.getRequestURI();
>         if (false == requestedAction.endsWith(StrutsConstants.LOGIN_ACTION))
>         {
>           if (null != httpSession)
>           {
>             if (null == httpSession.getAttribute(Constants.SESSION_CONTEXT))
>             {
>               sessionTimedOut = true;
>             }
>           }
>         }
>       }
> 
>       if (true == sessionTimedOut)
>       {
>         logger.warning("session timed out");
>         httpServletResponse.sendRedirect("/pages/SessionTimedOut.jsp");
>       }
> 
>       chain.doFilter(request, response);
> 
>     }
>     catch (Exception ex)
>     {
>       String msg = "failed to set redirect, msg = " + ex.getMessage();
>       logger.severe(msg);
>     }
>   }
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 


-- 
Rick

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message