On Thu, 2011-10-20 at 10:06 -0400, Tim Watts wrote: > On Thu, 2011-10-20 at 09:51 -0400, Alejandro Soto wrote: > > Hi my friends, I want to ask you all, If there is a way to control the timed > > out of sessions with tomcat, what I need is when the session timed out, > > automatically the user is redirected to the login page, Is this possible to > > do that from tomcat?, I mean, tomcat triggers some event to the user with > > session timed out, with no need user interaction. > > > > I know that the time of inactivity of the session is setup in web.xml, with > > that I have no problem, what I need is just redirect to a login page when > > the session timed out. > > > > You mean when a browser is just sitting idle and the session times out > on the server, the browser is automatically redirected to the login > page? If so, see JavaScript and timers (all JavaScript caveats apply). > But Tomcat itself cannot reach out and trigger events at the client. > > Also, they will not be redirected to the login page if they are not > already at a page that requires authentication. You can't directly > redirect to the login page. So the JavaScript script would need to > redirect to a protected page when the timer pops (could be the page > they're on, could be something else). >
I should also point out that this approach is somewhat kludgey because of the inherent latency problems when the session is close to expiration. But I don't know of a rock solid approach. You just have to have the timer pop sufficiently sooner than the session expiration -- for some value of "sufficient". > > > I am working with tomcat 7.0.20 and JDBCRealm for authentication. > > > > Thanks in advance. > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
