Re: session timeout setting
It is important to make a difference between a user session and a HTTP session. Many user sessions on the same browser instance will be just one HTTP session. session.setMaxInactiveInterval allows U to set a idle timeout(timeout between 2 successive requests) on the HTTP session. One way to handle User session timeout is as follows: 1. When user logs in store his login time in the session allocated to him using session.set("LOGIN_TIME", new Long(System.currentTimeMillis())). Note : capture login time in milliseconds. 2. Everytime the user makes a request , write a helper method which does a check like - if( System.currentTimeMillis() - ((Long)session.get("LOGIN_TIME")).longValue() >= SESSION_TIMEOUT ) { // Do whatever U want to do , fo eg. re-direct user to the "Login" page again. } Hope this helps. -Original Message- From: Alan Meyer [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 12:43 AM To: [EMAIL PROTECTED] Subject: Re: session timeout setting Yong How showed how to do this by setting a value in the web.xml configuration file. Another way to do it is is to make the following method call inside the application (allowing different intervals for different purposes): session.setMaxInactiveInterval (...) where ... is the number of seconds between interactions after which a timeout should occur. For two hours, you'd use 7200. You can set this in the login JSP page. Also, instead of reading the cookie, you might have a look at session.getId(), which should work with cookies or with URL re- writing, and session.isNew(). If I remember correctly, there might have been problems with these in Tomcat 3.x series that were fixed in 4.x. Alan > -Original Message- > From: A mailing list about Java Server Pages specification and > reference [mailto:[EMAIL PROTECTED]]On Behalf Of Kenny G. > Dubuisson, Jr. Sent: Wednesday, 18 December, 2002 12:11 AM To: > [EMAIL PROTECTED] Subject: session timeout setting > > > I have a site written in JSP that uses session info to validate user's > sessions. I want to change the default timeout of the session from 60 > mins but I'm not sure what is controlling this or how/where to change > it. Here is more info to help figure this out...if anyone has any > ideas I would greatly appreciate it. > > My initial JSP page has a login which, when validated, sets a cookie > that stores the session ID. Every page thereafter, upon initial load, > checks the current session ID against this cookie and if they don't > match, the user is directed to re-login. My users want a longer > timeout but I'm not sure where to control this (maybe this question is > for the Tomcat listI just don't know). > -- Alan Meyer AM Systems, Inc. Randallstown, MD USA [EMAIL PROTECTED] === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com
Re: session timeout setting
Yong How showed how to do this by setting a value in the web.xml configuration file. Another way to do it is is to make the following method call inside the application (allowing different intervals for different purposes): session.setMaxInactiveInterval (...) where ... is the number of seconds between interactions after which a timeout should occur. For two hours, you'd use 7200. You can set this in the login JSP page. Also, instead of reading the cookie, you might have a look at session.getId(), which should work with cookies or with URL re- writing, and session.isNew(). If I remember correctly, there might have been problems with these in Tomcat 3.x series that were fixed in 4.x. Alan > -Original Message- > From: A mailing list about Java Server Pages specification and > reference [mailto:[EMAIL PROTECTED]]On Behalf Of Kenny G. > Dubuisson, Jr. Sent: Wednesday, 18 December, 2002 12:11 AM To: > [EMAIL PROTECTED] Subject: session timeout setting > > > I have a site written in JSP that uses session info to validate user's > sessions. I want to change the default timeout of the session from 60 > mins but I'm not sure what is controlling this or how/where to change > it. Here is more info to help figure this out...if anyone has any > ideas I would greatly appreciate it. > > My initial JSP page has a login which, when validated, sets a cookie > that stores the session ID. Every page thereafter, upon initial load, > checks the current session ID against this cookie and if they don't > match, the user is directed to re-login. My users want a longer > timeout but I'm not sure where to control this (maybe this question is > for the Tomcat listI just don't know). > -- Alan Meyer AM Systems, Inc. Randallstown, MD USA [EMAIL PROTECTED] === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com
Re: session timeout setting
Hi, Add the following to your web.xml file ... ... ... 60 Best Regards, Lim Yong How Software Engineer Ryeson Security International 180B Bencoolen Street #10-01/02 The Bencoolen Singapore 189648 www.ryeson.com <http://www.ryeson.com> The information contained in this e-mail message is intended only for the use of the person or entity to whom it is addressed and may contain information that is CONFIDENTIAL and may be LEGALLY PRIVILEGED and exempt from disclosure under applicable laws. If you read this message and are not the addressee you are notified that use, dissemination, distribution, or reproduction of this message is prohibited. If you have received this message in error, please notify us immediately and delete the original message. __ -Original Message- From: A mailing list about Java Server Pages specification and reference [mailto:[EMAIL PROTECTED]]On Behalf Of Kenny G. Dubuisson, Jr. Sent: Wednesday, 18 December, 2002 12:11 AM To: [EMAIL PROTECTED] Subject: session timeout setting I have a site written in JSP that uses session info to validate user's sessions. I want to change the default timeout of the session from 60 mins but I'm not sure what is controlling this or how/where to change it. Here is more info to help figure this out...if anyone has any ideas I would greatly appreciate it. My initial JSP page has a login which, when validated, sets a cookie that stores the session ID. Every page thereafter, upon initial load, checks the current session ID against this cookie and if they don't match, the user is directed to re-login. My users want a longer timeout but I'm not sure where to control this (maybe this question is for the Tomcat listI just don't know). Thanks, Kenny === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com
Re: session timeout setting
I only use a session variable, Tomcat does the cookie work, and I only check if the user variable exist in the session. After the time of inactivity, Tomcat closes the session and the user must revalidate. I dont know if is the same that you do. Josep En/na Kenny G. Dubuisson, Jr. ha escrit: Will this keep it from generating a new session ID every 60 mins? Thanks for the quick response. Kenny - Original Message - From: "Josep R. Raurell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 17, 2002 10:24 AM Subject: Re: session timeout setting You can put this in your code: session.setMaxInactiveInterval(time); // time in seconds Josep R. Raurell En/na Kenny G. Dubuisson, Jr. ha escrit: I have a site written in JSP that uses session info to validate user's sessions. I want to change the default timeout of the session from 60 mins but I'm not sure what is controlling this or how/where to change it. Here is more info to help figure this out...if anyone has any ideas I would greatly appreciate it. My initial JSP page has a login which, when validated, sets a cookie that stores the session ID. Every page thereafter, upon initial load, checks the current session ID against this cookie and if they don't match, the user is directed to re-login. My users want a longer timeout but I'm not sure where to control this (maybe this question is for the Tomcat listI just don't know). Thanks, Kenny === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com
Re: session timeout setting
Will this keep it from generating a new session ID every 60 mins? Thanks for the quick response. Kenny - Original Message - From: "Josep R. Raurell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 17, 2002 10:24 AM Subject: Re: session timeout setting > You can put this in your code: > > session.setMaxInactiveInterval(time); // time in seconds > > > Josep R. Raurell > > > En/na Kenny G. Dubuisson, Jr. ha escrit: > > >I have a site written in JSP that uses session info to validate user's > >sessions. I want to change the default timeout of the session from 60 mins > >but I'm not sure what is controlling this or how/where to change it. Here > >is more info to help figure this out...if anyone has any ideas I would > >greatly appreciate it. > > > >My initial JSP page has a login which, when validated, sets a cookie that > >stores the session ID. Every page thereafter, upon initial load, checks the > >current session ID against this cookie and if they don't match, the user is > >directed to re-login. My users want a longer timeout but I'm not sure where > >to control this (maybe this question is for the Tomcat listI just don't > >know). > > > >Thanks, > >Kenny > > > >=== > >To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". > >For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". > >Some relevant FAQs on JSP/Servlets can be found at: > > > > http://archives.java.sun.com/jsp-interest.html > > http://java.sun.com/products/jsp/faq.html > > http://www.esperanto.org.nz/jsp/jspfaq.jsp > > http://www.jguru.com/faq/index.jsp > > http://www.jspinsider.com > > > > > > === > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". > Some relevant FAQs on JSP/Servlets can be found at: > > http://archives.java.sun.com/jsp-interest.html > http://java.sun.com/products/jsp/faq.html > http://www.esperanto.org.nz/jsp/jspfaq.jsp > http://www.jguru.com/faq/index.jsp > http://www.jspinsider.com > === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com
Re: session timeout setting
You can put this in your code: session.setMaxInactiveInterval(time); // time in seconds Josep R. Raurell En/na Kenny G. Dubuisson, Jr. ha escrit: I have a site written in JSP that uses session info to validate user's sessions. I want to change the default timeout of the session from 60 mins but I'm not sure what is controlling this or how/where to change it. Here is more info to help figure this out...if anyone has any ideas I would greatly appreciate it. My initial JSP page has a login which, when validated, sets a cookie that stores the session ID. Every page thereafter, upon initial load, checks the current session ID against this cookie and if they don't match, the user is directed to re-login. My users want a longer timeout but I'm not sure where to control this (maybe this question is for the Tomcat listI just don't know). Thanks, Kenny === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com
session timeout setting
I have a site written in JSP that uses session info to validate user's sessions. I want to change the default timeout of the session from 60 mins but I'm not sure what is controlling this or how/where to change it. Here is more info to help figure this out...if anyone has any ideas I would greatly appreciate it. My initial JSP page has a login which, when validated, sets a cookie that stores the session ID. Every page thereafter, upon initial load, checks the current session ID against this cookie and if they don't match, the user is directed to re-login. My users want a longer timeout but I'm not sure where to control this (maybe this question is for the Tomcat listI just don't know). Thanks, Kenny === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com