Why you just don't exclude "login" page from being processed by you "is session live" filter?
2007/10/30, Simon Kitching <[EMAIL PROTECTED]>: > ---- Arvind Pandey <[EMAIL PROTECTED]> schrieb: > > In my appln we have kept session time out as 2 minutes. > > once we go to login page , an unknown session gets created for that page. > > But I stay on the login page for more than 2 minutes without doing anything. > > Then I enter username and password and press the login button. But till then > > session has been expired and new session gets created and hence It comes > > again to > > the same login page through the filter we have written. From user point of > > view it seems > > as if user name and password fields gets cleared on click of login button. > > > > I want to keep session time out as 2 minutes for the applcation but > > for login page > > it should be something infinite so that it will not look like as all the > > fields have > > been cleared. > > > > Please suggest some soln for this particular scenario. > > Two minutes seems extremely short for a session timeout. I think you'll > regularly have users spending more time on filling out a page than that. > > However, no matter what the timeout, this is a common problem. The solution > I've used before is to have either a frame or javascript periodically request > a trivial page from the server. This keeps the session alive while that page > is displayed in the user's browser. > > The javascript solution uses the "setTimer" method, plus XmlHttpRequest to > fetch a "ping" page from the server every 60 seconds or so. > > Or an invisible frame can use the <meta> tag to refresh itself from a "ping" > page on the server. > > For the login page, it is also possible to use javascript to force a redirect > to a different page after a short period of time (less than the session > timeout). This other page says "please click here to login" and takes the > user to the login page. It is therefore certain that the session has not > timed out when login occurs. This approach only works for a login page though. > > Regards, > > Simon > >