I found out about a few other functions that make it bit easier. I think I
have it working using the following,
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if(((HttpServletRequest)request).getRequestedSessionId() != null &&
((HttpServletRequest)request).isRequestedSessionIdValid() == false) {
RequestDispatcher rd =
request.getRequestDispatcher("/WEB-INF/sessionexpired.jsp");
rd.forward(request, response);
}
else {
chain.doFilter(request, response);
}
}
The strange thing is that this page seems to only intermittently be
displayed. i.e. it is catching the case where the session expires, but, in
some cases since I'm using container based security, it is going back to the
login page. Sometimes it goes to this page first, and then brings up the
login page. Other times, it just goes straight to the login page. I need to
look into it further. I have SingleSignOn enabled, so, I'm not sure if that
might have something to do with it. I need to do more testing. In theory, I
think it should go to the login page each time. So, I'm thinking of putting
a check in my login page similar to the above that just shows optional text
stating that the session has expired.
Another thing that I'm wondering is if it is possible to use a servlet as
the login page for Tomcat rather than a .jsp file.
Jon
----- Original Message -----
From: "Veniamin Fichin" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, May 21, 2004 7:15 AM
Subject: Re: Session Timeout and "Direct Reference to login page"
> Jonathan Eric Miller wrote:
>
> > Yeah, that seems like it would work. I'm wondering if I could maybe use
a
> > filter by itself though and not use the listener and do something like
the
> > following.
> >
> > 1. Intercept all requests with a filter.
> > 2. Get the HttpSession out of the request. Get the session ID by calling
> > HttpSession.getId();
> > 3. Get the cookie array and see if there is a cookie named "jsessionid."
If
> > there is, compare the two session IDs. If they are different forward to
> > sessionexpired.jsp to display error page. Otherwise, continue as normal.
>
> I've just tried this way, it works. Look at example .java file in
> attach for example, it's Filter implementation. Thanks for the
> suggestion, it's very useful.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
