> We carry a userid and a shopping cart in the session thu out the app.
> If the user goes to lunch and comes back, we would like to
> give them sort of
> friendly error if their session times out.
Allowing the garbage collector(unless you are REALLY nitpicky about
knowing that errant Objects are being gc "immediately") to manage the
cleaning up of these session objects is probably a best practice in
most cases. This is why I would suggest a Realm for most cases instead
of a implementation of HttpSessionBindingListener(no reason to reinvent
the wheel/pull out the sledge hammer to swat a fly) but the idea that you
want a "friendly error" on timeout makes me want to say that a
Listener is probably your best bet. If you are new to the
Model-View-Control
theory Listeners can be kind of daunting to begin with but I would suggest
picking up a good java book if this is the case. The problem with
implementing with Realms in you case is, if you were to use FORM AUTH TYPE,
how to determine whether a user is making their initial login or are in the
timeout scenario. The idea in the post below regarding the refresh meta tag
is also a possible solution and you could make it even more ingenious and
do something with javascript possibly with timers and configure a timer
for some time n < timeout time that would do something like pop up a warning
stating "You will be automatically timed out in x minutes...". Since this
is
client side it will not cause a request to the server to reset the timeout.
www.bankofamerica.com does something similar to this for their online
banking
I believe.
Just a couple of possibilities.
---
Michael Wentzel
Software Developer
Software As We Think - http://www.aswethink.com
