A new session is created before your JSP is serviced, so I think that's why you're always getting a session object there.
session.isNew() is an indirect but pretty good way of knowing when a session has just been created, and thus could be because the old session timed out. You can also put some kind of token into the session and look for that; if it's not there then you know it's a new sesssion and the old one must have timed out. Sean --- TODD HARNEY <[EMAIL PROTECTED]> wrote: > How can one accurately detect that a session has timedout? I have a custom > tag that is automatically included on every jsp page we have. Its job is to > detect whether a session has timedout and if it has, to redirect the user > to a different page to relogin or whatever. I think it is the case that > when I call request.getSession(false) it is still creating a new session if > the old one has expired. Any thoughts on how to approach this issue? I > don't have access to the name of a login token for example because our > sign-on functionality is just a drop in without the source code. > > Thanks, > Todd > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > __________________________________________________ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>