JSF auto-exit

Question

JSF auto-exit

I have a JSF application and you want the user to automatically log out after a period of inactivity. Is there a standard way to do this?

+1

java jsp jsf

Stella peristeraki 01 Oct '09 at 11:13

source share

1 answer

romaintaz · Accepted Answer · 2009-10-01T11:42:13+0000

Typically, the server (Tomcat, Glassfish ...) that hosts the web application handles the timeout for the session.

For example, in Tomcat, you can determine the session timeout for a specific web application by adding the following lines to the web.xml :

 <session-config> <session-timeout>30</session-timeout> </session-config>

This will set the timeout to 30 minutes.

If the user does not send any request for a time longer than this specific timeout, the session on the server is invalid. If a user tries to reconnect after a session has been declared invalid, he will usually be redirected to another page or to a page with an error.

You can create your own JSF filter that automatically redirects the user to the timeout.html page. Here is an example of such a filter:

 public class TimeoutFilter implements Filter { private static final String TIMEOUT_PAGE = "timeout.html"; private static final String LOGIN_PAGE = "login.faces"; public void init(FilterConfig filterConfig) throws ServletException { } public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { if ((request instanceof HttpServletRequest) && (response instanceof HttpServletResponse)) { HttpServletRequest requestHttp = (HttpServletRequest) request; HttpServletResponse responseHttp = (HttpServletResponse) response; if (checkResource(requestHttp)) { String requestPath = requestHttp.getRequestURI(); if (checkSession(requestHttp)) { String timeoutUrl = hRequest.getContextPath() + "/" + TIMEOUT_PAGE; responseHttp.sendRedirect(timeoutUrl); return; } } filterChain.doFilter(request, response); } private boolean checkResource(HttpServletRequest request) { String requestPath = request.getRequestURI(); return !(requestPath.contains(TIMEOUT_PAGE) || requestPath.contains(LOGIN_PAGE) || requestPath.equals(hRequest.getContextPath() + "/")); } private boolean checkSession(HttpServletRequest request) { return request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid(); } public void destroy() { } }

JSF auto-exit

More articles: