I found out about a few other functions that make it bit easier. I think I have it working using the following,
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if(((HttpServletRequest)request).getRequestedSessionId() != null && ((HttpServletRequest)request).isRequestedSessionIdValid() == false) { RequestDispatcher rd = request.getRequestDispatcher("/WEB-INF/sessionexpired.jsp"); rd.forward(request, response); } else { chain.doFilter(request, response); } } The strange thing is that this page seems to only intermittently be displayed. i.e. it is catching the case where the session expires, but, in some cases since I'm using container based security, it is going back to the login page. Sometimes it goes to this page first, and then brings up the login page. Other times, it just goes straight to the login page. I need to look into it further. I have SingleSignOn enabled, so, I'm not sure if that might have something to do with it. I need to do more testing. In theory, I think it should go to the login page each time. So, I'm thinking of putting a check in my login page similar to the above that just shows optional text stating that the session has expired. Another thing that I'm wondering is if it is possible to use a servlet as the login page for Tomcat rather than a .jsp file. Jon ----- Original Message ----- From: "Veniamin Fichin" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Friday, May 21, 2004 7:15 AM Subject: Re: Session Timeout and "Direct Reference to login page" > Jonathan Eric Miller wrote: > > > Yeah, that seems like it would work. I'm wondering if I could maybe use a > > filter by itself though and not use the listener and do something like the > > following. > > > > 1. Intercept all requests with a filter. > > 2. Get the HttpSession out of the request. Get the session ID by calling > > HttpSession.getId(); > > 3. Get the cookie array and see if there is a cookie named "jsessionid." If > > there is, compare the two session IDs. If they are different forward to > > sessionexpired.jsp to display error page. Otherwise, continue as normal. > > I've just tried this way, it works. Look at example .java file in > attach for example, it's Filter implementation. Thanks for the > suggestion, it's very useful. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]