JSF Session Expired Timeout Solution
Posted February 21, 2008
on:- In: J2EE | Java | Java EE | JSF | SEAM | Tips and Tricks | Web Application
- 16 Comments
With JSF, a clean Session expiry or timeout is not easy to implement. So, I would like to post a solution that you can integrate it as out-of-box with your JSF applications.
Here is a better version of code with syntax highlight:
http://techieexchange.blogspot.com/2008/02/jsf-session-expiry-timeout-solution.html
Step 1:
/** * When the user session timedout, ({@link #sessionDestroyed(HttpSessionEvent)}) method will be invoked. * This method will make necessary cleanups (logging out user, updating db and audit logs, etc…) * As a result; after this method, we will be in a clear and stable state. So nothing left to think about * because session expired, user can do nothing after this point. * * Thanks to hturksoy **/
} public void sessionDestroyed(HttpSessionEvent event) { // get the destroying session… HttpSession session = event.getSession(); System.out.println(“Current Session destroyed :” + session.getId() + ” Logging out user…”); /* * nobody can reach user data after this point because session is invalidated already. * So, get the user data from session and save its logout information * before losing it. * User’s redirection to the timeout page will be handled by the SessionTimeoutFilter. */
* Clean your logout operations. */ public void prepareLogoutInfoAndLogoutActiveUser(HttpSession httpSession) { // Only if needed } }
Step 2:
/**
// “login.seam” if you use Jboss Seam otherwise “login.jsf” / “login.xhtml” or whatever private String timeoutPage = “login.seam”; public void init(FilterConfig filterConfig) throws ServletException { } public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { if ((request instanceof HttpServletRequest) && (response instanceof HttpServletResponse)) { HttpServletRequest httpServletRequest = (HttpServletRequest) request; HttpServletResponse httpServletResponse = (HttpServletResponse) response; // is session expire control required for this request? if (isSessionControlRequiredForThisResource(httpServletRequest)) { // is session invalid?
System.out.println(“Session is invalid! redirecting to timeoutpage : “ + timeoutUrl);
httpServletResponse.sendRedirect(timeoutUrl); return; } } } filterChain.doFilter(request, response); } /* * session shouldn’t be checked for some pages. For example: for timeout page..
Step 3:
Web.xml<listener>
<listener-class> com.fpc.carconfig.session.MySessionListener </listener-class> </listener><filter> <filter-name>SessionTimeoutFilter</filter-name>
To check whether this solution works:
Change session timeout to 1 minute in web.xml like this: <session-config> <session-timeout>1</session-timeout>
Feel free to share your comments.
16 Responses to "JSF Session Expired Timeout Solution"
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-top.png)
Great Article! I have a question though.
Is there any chance that once the timeout expires, the application redirects the user to the timeout page without waiting for the user to make another move?
Thanks!
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-bot.png)
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-top.png)
I tested with that, it run fine, but there is a problem.
It run twice, anyone have had the same problem same me
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-bot.png)
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-top.png)
StringUtils() not workig for me… i am using ibm/rad
i went url which u posted to get it done….
but can you tel me wat and where i download sources or binary and all those and how do i integrate to my IDE…
should i use or integrate jars like thing(adding Externa jars)
help me
thanks
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-bot.png)
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-top.png)
For some reason, I don’t see control going in to Filter any time even after giving a URL pattern of *.*
Is there any thing I am missing?
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-top.png)
some reason, I don’t see control going in to Filter any time even after giving a URL pattern of *.*
Is there any thing I am missing?
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-bot.png)
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-bot.png)
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-top.png)
I am using Struts and I see the control going in to init() method of Filter but it never got in to doFilter() method. Can someone help me?
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-bot.png)
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-top.png)
Nice solution, but how to use the resource bundle inside the SessionTimeoutFilter
I am having in login page
and adding error message as follows in the backing bean.
————————————————————————————
FacesContext facesContext = FacesContext.getCurrentInstance();
FacesMessage message = new FacesMessage(severity, summary, detail);
facesContext.addMessage(clientId, message);
————————————————————————————
The error is NullPointerException, while adding messages.
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-top.png)
you cant use ‘FacesContext.getCurrentInstance()’ in the filte b/c there is no faces context -> FacesContext.getCurrentInstance() returns ‘null’
so thats why you get the nullpointer if accessing facesContext.someThing
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-bot.png)
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-bot.png)
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-top.png)
Hi.
Anybody knows how to add the browser close button, so I can invalidate my session when the users clicks on this button.
thanks
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-bot.png)
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-top.png)
what about redirecting if an ajax / jquery request is used?
your way works fine if you dont have an ajax request. otherwise the ‘httpServletResponse.sendRedirect(timeoutUrl);’ is fired but swallowed by the browser using jsf 1.2 (for jsf 2.0 there are other solutions)
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-bot.png)
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-top.png)
Hi your solution helped me a lot. but i have a problem like when the user clicks the logout button i am invalidating the session. so it automatically going to the sessionexpiry page. how to differentiate this.
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-bot.png)
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-top.png)
Hi all,
I need to intimate user before 2 min of session expiry. and i have to provide option for further extending session. Please help to do this.
![](https://s0.wp.com/wp-content/themes/pub/albeo/images/com-bot.png)
March 6, 2008 at 8:46 am
Hi, thank you very much for you article!
But happen question.
Please cane you add StringUtils class to this article because in
antlr.StringUtils i no found contains() method and
please can you describe isSessionControlRequiredForThisResource() more detail
October 6, 2010 at 5:45 pm
I think he is using stringutils from apache commons not from antlr.