--- Brian Blount <[EMAIL PROTECTED]> wrote: > Thanks for the quick response. > > I don't think this will help in my scenario. I > don't > need to perform an action when the session timeouts. > > Instead, when a user hits my web application after > their session has timed out, I want to direct them > to > a particular page (different than the login page). > > --- [EMAIL PROTECTED] wrote: > > > Why not implement the HttpSessionListener and > handle > > session timeouts > > from that perspective? I've had success using > this > > method, but don't > > know if that will work for your scenario...HTH > > > > ----- Original Message ----- > > From: "Brian Blount" > > To: users@tomcat.apache.org > > Subject: Detecting Session Timeout in Tomcat > > Date: Fri, 14 Oct 2005 07:55:13 -0700 (PDT) > > > > > > Hello, > > > > I need to be able to distinguish between a > session > > timeout vs the first time someone accesses my > web > > application. Within a single web application, > I've > > been able to use the following logic: > > > > (request.isRequestedSessionIdValid() == false && > > (request.isRequestedSessionIdFromCookie() || > > request.isRequestedSessionIdFromURL())) > > > > However, I am running multiple web applications > > with > > single-sign-on enabled between them, so when I > > first > > navigate from one web application to the next, > the > > above expression evaluates to true even though > my > > session has not timed out. > > > > Is there a better way of detecting session > > timeouts in > > tomcat? > > > > Thanks in advance for any help, > > Brian > >
You could use a combination of this and the standard security features to keep from having to write your own form login Filter. Basically you would keep your own session information along with the standard session information. You could store this in a database server or something. Using the session listener when the session starts you create an entry in the database which tells some code you include in all of your pages to create a cookie that says the session has begun....separate from logging in. You can use a GUID/UUID to designate this. When the session listener determines that the session is ending it adds an entry linked to this GUID/UUID stored in a cookie. Then in your code you include in all pages if you need the session ending redirect you perform this then. Might help...not sure how cookies get bounced around in the form login stuff, so that's the only thing I'm not sure about. Wade --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]