What is a method for competent session timeout management?

Problem: I’m on some page of my application and am leaving for a while. Returning and clicking on the link, I get the message "Failed to restore viewID". The same thing happens when updating.

I can start a new session, but I need to manually change the URL as follows:

Active Address Window:

http://localhost:8080/myapp/index.xhtml?windowId=e9d 

to

 http://localhost:8080/myapp/index.xhtml 

Then a new session is established, and the user must log back in to what I want.

In researching how to deal with this, I see many “solutions” that basically support the session, using client-side Javascript to periodically send requests to save the session. Personally, I do not consider this a desirable solution.

What I want is when the session time ends, all subsequent requests to any non-public page need to be redirected to index.xhtml. Links to pages that do not require login must go through a new session object. It is preferable that this be handled using only specific JSF 2 objects, but I don't mind writing a Servlet filter if that is what is required.

Can someone provide a link to what I missed?

+1
jsf-2
1 answer

Do it in a Filter, yes. You can use HttpServletRequest#getRequestedSessionId() to check if the client sent a session cookie and HttpServletRequest#isRequestedSessionIdValid() to check if it is valid (i.e. the session has not expired on the server side):

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // The client sent a session id, but the server no longer knows it: the session expired.
        if (req.getRequestedSessionId() != null && !req.isRequestedSessionIdValid()) {
            res.sendRedirect(req.getContextPath() + "/index.xhtml");
        } else {
            chain.doFilter(request, response);
        }
    }

But this raises another question: how exactly do you filter registered users? If the session has expired, the user will no longer be logged in, right? Instead, you can simply check in the filter whether the user is logged in or not.

+4