Latest posts for the topic "Session timeout action"

Session timeout action

seymores — GMT

Hi, Right after a session timed out, can I recreate a new session by redirecting the user to a login page(or something like that)? The behaviour now is, when the session expired, I can do much even if I try to login from the front page again. Help?

Re: Session timeout action

philip.breau — GMT

SecurePages

Security constraint for resources in the secure directory

Re: Session timeout action

jtp51 — GMT

Philip: Essentially, what your saying is instead of seeing the overlay Session Timeout screen on my page of where the session timed out or the page errored, by using container-managed security I can redirect a user to a new login page or page of my choice? Thanks, --Todd

Re: Session timeout action

philip.breau — GMT

Hi, Yes, the container should intercept any requests to secured resources and redirect to a login page if the session has expired. Thanks, Philip

Re: Session timeout action

seymores — GMT

Thank you, I'll give a go and see how it works out. Thanks again.

Re:Session timeout action

fxji@yahoo.com — GMT

Hi, Even with container managed security, when session expired, when I click on a icefaces link, I didn't get back to the login page. I have to use browser reload button to get back to the login page. To me this is not a desired behavior. Do you have any suggestion how to solve this issue? I tried to implement a servlet filter to handle session expiration redirect, but I have similar problem. Once the session expires, icefaces will not respond to any mouse click unless a page reload. thanks

Re:Session timeout action

drumac — GMT

Anyone solved this? We have similar problems...

Re:Session timeout action

eashwaranp — GMT

Any updates on this issue? I'm facing a similar situation. I've a connection status component I'm using on the top right of the page. AFter the session times out I can see a red mark on it which indicates to me that the session expired. But for a novice user of my application, this is not intuitive at all. Currently I've to tell the user to click the browser 'Reload' button to activate the container security to make the application go back to the login screen!! Users are more accustomed to the page automatically getting redirected to another page which states that their session had expired and possibly present new buttons/links to log back in. How can I do this with ICEfaces? Regards, Eashwaran.

Re:Session timeout action

Baleyba — GMT

Hi, you just need to add this lines into your web.xml, in order to redirect on the login page when session is broken:

com.icesoft.faces.connectionLostRedirectURI

'/index.jsp'

regards Bal.

Re:Session timeout action

pred — GMT

I made a filter to detect session expiration but this was not enough, you need to refresh the page... I will try with a listener that checks session state and send a redirect order with server push right before session timeout.

Re:Session timeout action

eashwaranp — GMT

Baleyba wrote:

Hi, you just need to add this lines into your web.xml, in order to redirect on the login page when session is broken: com.icesoft.faces.connectionLostRedirectURI '/index.jsp' regards Bal.

Wow! that works really well. Thanks, that was just what I needed :-) (New Note Added: pls see next message too) One thing to note though: The param-value's value needs to be inside single quotes, just like you have shown; if not the ICEfaces page encounters javascript errors (for me it said 'configuration' not found, probably because I had this definition without quotes in the param-value just above the contextConfigLocation param-value definition). Thanks again, Eashwaran.

Re:Session timeout action

eashwaranp — GMT

Hello Baleyba, I've seen some issues with the connectionLostRedirectURI approach. Yes this does work when session times out, but that is not just it! It also kicks in when some uncaught exceptions are triggered on the server. It also seems to kick in when there is a network delay and the connection to the server is intermittently lost, but long enough for this feature to transition the app to the lost uri page. My lost uri page has a 'Click here to login' link, and clicking ont this just takes me back into the application without going through the login page. This indicates that teh session really did not expire, it was just network delay. I think what we need is a new parameter (say sessionExpiredRedirectURI) that would allow us to configure a new page for just session expiry. Regards, Eashwaran.

Re:Session timeout action

eashwaranp — GMT

pred wrote:

I made a filter to detect session expiration but this was not enough, you need to refresh the page... I will try with a listener that checks session state and send a redirect order with server push right before session timeout.

I tried a filter following http://www.netbeans.org/kb/55/sessionredirect.html example. Mapping this filter to Persistent Faces Servlet didn't seem to get me to the code that calls sendRedirect (i.e. isNew true and firstRequest != 0). But when I mapped this filter to Blocking Servlet, this redirect code seems to kickin. But nothing happens on my browser! When I click refresh on browser, my login page comes up, which is a result of ACEGI security filters that are in place in my application. I tried to see if the combo of redirectURI and the filter works, but the redirectURI always wins! We really need a way for ICEfaces to detect session timeout, not other issues like uncaught exceptions or network delays. Regards, Eashwaran.