tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Srinadh Karumuri <skaru...@bbn.com>
Subject RE: Log out Screen
Date Thu, 29 Aug 2002 18:16:49 GMT
Well...it depends on the type of application I guess.

We have a data entry application used mostly for entering weekly time 
worked. We had lots of complaints where user thought he/she is still logged 
in and entered the data for the whole week and pressed "Save" button. At 
this point since the session has timed out user was sent to login screen 
making user enter the data again.

-Sri

At 01:53 PM 8/29/2002, Mike Jackson wrote:
>Does it matter when the redirect is done?  If the user sits on the page
>without the session being valid where's the problem with that?  You
>just want to make sure that they are valid when the pages that are
>secured are being accessed.
>
>--mikej
>-=-----
>mike jackson
>mjackson@cdi-hq.com
>
> > -----Original Message-----
> > From: Srinadh Karumuri [mailto:skarumur@bbn.com]
> > Sent: Thursday, August 29, 2002 10:35 AM
> > To: Tomcat Users List
> > Subject: RE: Log out Screen
> >
> >
> > This redirection works only when user submits a form (when server is hit).
> > We cannot do automatic redirection using only Java.
> >
> > Other alternatives are:
> > 1. Use Javascript and have a timer (set value as
> > request.getSession().getMaxInactiveInterval()) to redirect the page
> > automatically.
> > 2. Use browser's META as below
> > <META HTTP-EQUIV=Refresh
> > CONTENT="<%= request.getSession().getMaxInactiveInterval() %>;
> > URL=/jsp/login.jsp;">
> >
> > -Sri
> >
> > At 12:54 PM 8/29/2002, Mike Jackson wrote:
> > >That works, but I'd use a servlet to manage all page accesses and a
> > >request dispatcher so that the user's machine doesn't know that it's
> > >been redirected.
> > >
> > >--mikej
> > >-=-----
> > >mike jackson
> > >mjackson@cdi-hq.com
> > >
> > > > -----Original Message-----
> > > > From: Dan Lipofsky [mailto:danlip@nuserve.com]
> > > > Sent: Thursday, August 29, 2002 9:48 AM
> > > > To: Tomcat Users List
> > > > Subject: Re: Log out Screen
> > > >
> > > >
> > > > Set the timeout in web.xml inside the <web-app> tags like this
> > > >   <session-config>
> > > >     <session-timeout>
> > > >        720  <!-- 720 minutes = 12 hrs -->
> > > >     </session-timeout>
> > > >   </session-config>
> > > >
> > > > To check for the timeout, store something in the session
> > > > when they log in, like this
> > > >         session.putValue(StringConstants.USER_DATA,userInfo);
> > > > and then check it on each page like this
> > > >         if (session.getValue(StringConstants.USER_DATA) == null) {
> > > >                // redirect
> > > >         }
> > > >
> > > > - Dan
> > > >
> > > > > Where is the session time out set?  and how do I redirect it to a
> > > > > logout page once the session times out?
> > > >
> > > >
> > > >
> > > > --


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message