Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 67EB990C6 for ; Fri, 4 Nov 2011 18:55:36 +0000 (UTC) Received: (qmail 21656 invoked by uid 500); 4 Nov 2011 18:55:33 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 21456 invoked by uid 500); 4 Nov 2011 18:55:32 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 21447 invoked by uid 99); 4 Nov 2011 18:55:32 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Nov 2011 18:55:32 +0000 X-ASF-Spam-Status: No, hits=0.0 required=5.0 tests=FREEMAIL_FROM,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of lists@nabble.com designates 216.139.236.26 as permitted sender) Received: from [216.139.236.26] (HELO sam.nabble.com) (216.139.236.26) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Nov 2011 18:55:26 +0000 Received: from isper.nabble.com ([192.168.236.156]) by sam.nabble.com with esmtp (Exim 4.72) (envelope-from ) id 1RMOuv-0004Iy-FS for users@tomcat.apache.org; Fri, 04 Nov 2011 11:55:05 -0700 Message-ID: <32782585.post@talk.nabble.com> Date: Fri, 4 Nov 2011 11:55:05 -0700 (PDT) From: =?UTF-8?Q?L=C3=A9a_Massiot?= To: users@tomcat.apache.org Subject: Re: Session expiration - browser -Web application In-Reply-To: <4EB41BB4.1020501@christopherschultz.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Nabble-From: lmhelp1@orange.fr References: <32780678.post@talk.nabble.com> <1320418485.4281.945.camel@dellberry> <32781413.post@talk.nabble.com> <4EB41BB4.1020501@christopherschultz.net> X-Virus-Checked: Checked by ClamAV on apache.org @Christopher : Thank you for your answer. Christopher wrote: >=20 > The new session created is completely empty. It has nothing to do with th= e > user going back in the history, etc. > No, you are right. What I meant is that I was/am managing session expiration inside the Webapp (for instance if the user clicks a button which is inside the Webapp and if the session has expired, I redirect him to the log in page). Christopher wrote: >=20 > I always try to have enough information in the page (form) so that > resuming a workflow after a session timeout is a possibility. >=20 I'm sorry but I do not understand what you are explaining me here... A SOLUTION... I THINK. I have found a solution, here it is: for all the JSPs which require a user to be identified (*), I add the following code: <% ASessionAttribute aSessionAttribute =3D null; HttpSession httpSession =3D null;=20 =09=09=09=09 httpSession =3D request.getSession(); =09aSessionAttribute =3D (ASessionAttribute) httpSession.getAttribute("aSessionAttribute"); =09=09=09=09 =09if(aSessionAttribute =3D=3D null) =09{ =09 response.sendRedirect("the-log-in-page.jsp"); } %> Then if a user presses the F5 key and if the session has expired, he is properly redirected to the log in page. Best regards, -- L=C3=A9a (*) That is to say, in my example, the "aSessionAttribute" object musn't be null. --=20 View this message in context: http://old.nabble.com/Session-expiration---br= owser--Web-application-tp32780678p32782585.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org