JSF Session Expired Timeout Solution
Posted February 21, 2008
on:- In: J2EE | Java | Java EE | JSF | SEAM | Tips and Tricks | Web Application
- 16 Comments
With JSF, a clean Session expiry or timeout is not easy to implement. So, I would like to post a solution that you can integrate it as out-of-box with your JSF applications.
Here is a better version of code with syntax highlight:
http://techieexchange.blogspot.com/2008/02/jsf-session-expiry-timeout-solution.html
Step 1:
/** * When the user session timedout, ({@link #sessionDestroyed(HttpSessionEvent)}) method will be invoked. * This method will make necessary cleanups (logging out user, updating db and audit logs, etc…) * As a result; after this method, we will be in a clear and stable state. So nothing left to think about * because session expired, user can do nothing after this point. * * Thanks to hturksoy **/
} public void sessionDestroyed(HttpSessionEvent event) { // get the destroying session… HttpSession session = event.getSession(); System.out.println(“Current Session destroyed :” + session.getId() + ” Logging out user…”); /* * nobody can reach user data after this point because session is invalidated already. * So, get the user data from session and save its logout information * before losing it. * User’s redirection to the timeout page will be handled by the SessionTimeoutFilter. */
* Clean your logout operations. */ public void prepareLogoutInfoAndLogoutActiveUser(HttpSession httpSession) { // Only if needed } }
Step 2:
/**
// “login.seam” if you use Jboss Seam otherwise “login.jsf” / “login.xhtml” or whatever private String timeoutPage = “login.seam”; public void init(FilterConfig filterConfig) throws ServletException { } public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { if ((request instanceof HttpServletRequest) && (response instanceof HttpServletResponse)) { HttpServletRequest httpServletRequest = (HttpServletRequest) request; HttpServletResponse httpServletResponse = (HttpServletResponse) response; // is session expire control required for this request? if (isSessionControlRequiredForThisResource(httpServletRequest)) { // is session invalid?
System.out.println(“Session is invalid! redirecting to timeoutpage : “ + timeoutUrl);
httpServletResponse.sendRedirect(timeoutUrl); return; } } } filterChain.doFilter(request, response); } /* * session shouldn’t be checked for some pages. For example: for timeout page..
Step 3:
Web.xml<listener>
<listener-class> com.fpc.carconfig.session.MySessionListener </listener-class> </listener><filter> <filter-name>SessionTimeoutFilter</filter-name>
To check whether this solution works:
Change session timeout to 1 minute in web.xml like this: <session-config> <session-timeout>1</session-timeout>
Feel free to share your comments.
16 Responses to "JSF Session Expired Timeout Solution"
Great Article! I have a question though.
Is there any chance that once the timeout expires, the application redirects the user to the timeout page without waiting for the user to make another move?
Thanks!
I tested with that, it run fine, but there is a problem.
It run twice, anyone have had the same problem same me
StringUtils() not workig for me… i am using ibm/rad
i went url which u posted to get it done….
but can you tel me wat and where i download sources or binary and all those and how do i integrate to my IDE…
should i use or integrate jars like thing(adding Externa jars)
help me
thanks
For some reason, I don’t see control going in to Filter any time even after giving a URL pattern of *.*
Is there any thing I am missing?
some reason, I don’t see control going in to Filter any time even after giving a URL pattern of *.*
Is there any thing I am missing?
I am using Struts and I see the control going in to init() method of Filter but it never got in to doFilter() method. Can someone help me?
Nice solution, but how to use the resource bundle inside the SessionTimeoutFilter
I am having in login page
and adding error message as follows in the backing bean.
————————————————————————————
FacesContext facesContext = FacesContext.getCurrentInstance();
FacesMessage message = new FacesMessage(severity, summary, detail);
facesContext.addMessage(clientId, message);
————————————————————————————
The error is NullPointerException, while adding messages.
you cant use ‘FacesContext.getCurrentInstance()’ in the filte b/c there is no faces context -> FacesContext.getCurrentInstance() returns ‘null’
so thats why you get the nullpointer if accessing facesContext.someThing
Hi.
Anybody knows how to add the browser close button, so I can invalidate my session when the users clicks on this button.
thanks
what about redirecting if an ajax / jquery request is used?
your way works fine if you dont have an ajax request. otherwise the ‘httpServletResponse.sendRedirect(timeoutUrl);’ is fired but swallowed by the browser using jsf 1.2 (for jsf 2.0 there are other solutions)
Hi your solution helped me a lot. but i have a problem like when the user clicks the logout button i am invalidating the session. so it automatically going to the sessionexpiry page. how to differentiate this.
Hi all,
I need to intimate user before 2 min of session expiry. and i have to provide option for further extending session. Please help to do this.
1 | Fedrus
March 6, 2008 at 8:46 am
Hi, thank you very much for you article!
But happen question.
Please cane you add StringUtils class to this article because in
antlr.StringUtils i no found contains() method and
please can you describe isSessionControlRequiredForThisResource() more detail
mike
October 6, 2010 at 5:45 pm
I think he is using stringutils from apache commons not from antlr.