You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Ravindra K. Bhat" <bh...@BPA.Arizona.EDU> on 2002/08/29 18:39:06 UTC
Log out Screen
Hi:
Where is the session time out set? and how do I redirect it to a
logout page once the session times out?
Thanks
Ravi
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Log out Screen
Posted by Srinadh Karumuri <sk...@bbn.com>.
Well...it depends on the type of application I guess.
We have a data entry application used mostly for entering weekly time
worked. We had lots of complaints where user thought he/she is still logged
in and entered the data for the whole week and pressed "Save" button. At
this point since the session has timed out user was sent to login screen
making user enter the data again.
-Sri
At 01:53 PM 8/29/2002, Mike Jackson wrote:
>Does it matter when the redirect is done? If the user sits on the page
>without the session being valid where's the problem with that? You
>just want to make sure that they are valid when the pages that are
>secured are being accessed.
>
>--mikej
>-=-----
>mike jackson
>mjackson@cdi-hq.com
>
> > -----Original Message-----
> > From: Srinadh Karumuri [mailto:skarumur@bbn.com]
> > Sent: Thursday, August 29, 2002 10:35 AM
> > To: Tomcat Users List
> > Subject: RE: Log out Screen
> >
> >
> > This redirection works only when user submits a form (when server is hit).
> > We cannot do automatic redirection using only Java.
> >
> > Other alternatives are:
> > 1. Use Javascript and have a timer (set value as
> > request.getSession().getMaxInactiveInterval()) to redirect the page
> > automatically.
> > 2. Use browser's META as below
> > <META HTTP-EQUIV=Refresh
> > CONTENT="<%= request.getSession().getMaxInactiveInterval() %>;
> > URL=/jsp/login.jsp;">
> >
> > -Sri
> >
> > At 12:54 PM 8/29/2002, Mike Jackson wrote:
> > >That works, but I'd use a servlet to manage all page accesses and a
> > >request dispatcher so that the user's machine doesn't know that it's
> > >been redirected.
> > >
> > >--mikej
> > >-=-----
> > >mike jackson
> > >mjackson@cdi-hq.com
> > >
> > > > -----Original Message-----
> > > > From: Dan Lipofsky [mailto:danlip@nuserve.com]
> > > > Sent: Thursday, August 29, 2002 9:48 AM
> > > > To: Tomcat Users List
> > > > Subject: Re: Log out Screen
> > > >
> > > >
> > > > Set the timeout in web.xml inside the <web-app> tags like this
> > > > <session-config>
> > > > <session-timeout>
> > > > 720 <!-- 720 minutes = 12 hrs -->
> > > > </session-timeout>
> > > > </session-config>
> > > >
> > > > To check for the timeout, store something in the session
> > > > when they log in, like this
> > > > session.putValue(StringConstants.USER_DATA,userInfo);
> > > > and then check it on each page like this
> > > > if (session.getValue(StringConstants.USER_DATA) == null) {
> > > > // redirect
> > > > }
> > > >
> > > > - Dan
> > > >
> > > > > Where is the session time out set? and how do I redirect it to a
> > > > > logout page once the session times out?
> > > >
> > > >
> > > >
> > > > --
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Log out Screen
Posted by Dan Lipofsky <da...@nuserve.com>.
> In most cases, this is true ... but I think everyone can agree that there
> is nothing more frustrating than filling out some web-based form with lots
> of information (takes a long time to complete), attempting to submit,
> running into a session timeout, and not being able to get back to the
> screen to retrieve the information. Although not necessarily elegant,
> running a javascript timer can certainly help avoid this in certain
> situations and alert the user to pending problems before they happen.
Bank Of America online checking does this.
It gives a pop-up warning before timeout, and
clicking OK resets the timer and prevents logout.
It's nice because I am often taking a break to
write a check or similar things while using their
site. Now if only their timeout wasn't so annoyingly short.
- Dan
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Log out Screen
Posted by Mike Jackson <mj...@cdi-hq.com>.
I usually save the data the user provided, validate them, then go back to
the real "process the form" page. Since the data's saved I then just pull
it and process giving them the success/fail message. I hadn't thought of
not saving the data, that would be really annoying.
--mikej
-=-----
mike jackson
mjackson@cdi-hq.com
> -----Original Message-----
> From: Justin Ruthenbeck [mailto:justinr@nextengine.com]
> Sent: Thursday, August 29, 2002 11:05 AM
> To: Tomcat Users List
> Subject: RE: Log out Screen
>
>
>
> In most cases, this is true ... but I think everyone can agree that there
> is nothing more frustrating than filling out some web-based form
> with lots
> of information (takes a long time to complete), attempting to submit,
> running into a session timeout, and not being able to get back to the
> screen to retrieve the information. Although not necessarily elegant,
> running a javascript timer can certainly help avoid this in certain
> situations and alert the user to pending problems before they happen.
>
> justin
>
> At 10:53 AM 8/29/2002, you wrote:
> >Does it matter when the redirect is done? If the user sits on the page
> >without the session being valid where's the problem with that? You
> >just want to make sure that they are valid when the pages that are
> >secured are being accessed.
> >
> >--mikej
> >-=-----
> >mike jackson
> >mjackson@cdi-hq.com
> >
> > > -----Original Message-----
> > > From: Srinadh Karumuri [mailto:skarumur@bbn.com]
> > > Sent: Thursday, August 29, 2002 10:35 AM
> > > To: Tomcat Users List
> > > Subject: RE: Log out Screen
> > >
> > >
> > > This redirection works only when user submits a form (when
> server is hit).
> > > We cannot do automatic redirection using only Java.
> > >
> > > Other alternatives are:
> > > 1. Use Javascript and have a timer (set value as
> > > request.getSession().getMaxInactiveInterval()) to redirect the page
> > > automatically.
> > > 2. Use browser's META as below
> > > <META HTTP-EQUIV=Refresh
> > > CONTENT="<%= request.getSession().getMaxInactiveInterval() %>;
> > > URL=/jsp/login.jsp;">
> > >
> > > -Sri
> > >
> > > At 12:54 PM 8/29/2002, Mike Jackson wrote:
> > > >That works, but I'd use a servlet to manage all page accesses and a
> > > >request dispatcher so that the user's machine doesn't know that it's
> > > >been redirected.
> > > >
> > > >--mikej
> > > >-=-----
> > > >mike jackson
> > > >mjackson@cdi-hq.com
> > > >
> > > > > -----Original Message-----
> > > > > From: Dan Lipofsky [mailto:danlip@nuserve.com]
> > > > > Sent: Thursday, August 29, 2002 9:48 AM
> > > > > To: Tomcat Users List
> > > > > Subject: Re: Log out Screen
> > > > >
> > > > >
> > > > > Set the timeout in web.xml inside the <web-app> tags like this
> > > > > <session-config>
> > > > > <session-timeout>
> > > > > 720 <!-- 720 minutes = 12 hrs -->
> > > > > </session-timeout>
> > > > > </session-config>
> > > > >
> > > > > To check for the timeout, store something in the session
> > > > > when they log in, like this
> > > > > session.putValue(StringConstants.USER_DATA,userInfo);
> > > > > and then check it on each page like this
> > > > > if (session.getValue(StringConstants.USER_DATA) == null) {
> > > > > // redirect
> > > > > }
> > > > >
> > > > > - Dan
> > > > >
> > > > > > Where is the session time out set? and how do I
> redirect it to a
> > > > > > logout page once the session times out?
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe, e-mail:
> > > ><ma...@jakarta.apache.org>
> > > >For additional commands, e-mail:
> > > ><ma...@jakarta.apache.org>
> > > >
> > > >
> > > >
> > > >
> > > >--
> > > >To unsubscribe, e-mail:
> ><ma...@jakarta.apache.org>
> > >For additional commands, e-mail:
> ><ma...@jakarta.apache.org>
> >
> >
> >--
> >To unsubscribe, e-mail:
> ><ma...@jakarta.apache.org>
> >For additional commands, e-mail:
> ><ma...@jakarta.apache.org>
> >
> >
> >
> >
> >--
> >To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
>For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Log out Screen
Posted by Justin Ruthenbeck <ju...@nextengine.com>.
In most cases, this is true ... but I think everyone can agree that there
is nothing more frustrating than filling out some web-based form with lots
of information (takes a long time to complete), attempting to submit,
running into a session timeout, and not being able to get back to the
screen to retrieve the information. Although not necessarily elegant,
running a javascript timer can certainly help avoid this in certain
situations and alert the user to pending problems before they happen.
justin
At 10:53 AM 8/29/2002, you wrote:
>Does it matter when the redirect is done? If the user sits on the page
>without the session being valid where's the problem with that? You
>just want to make sure that they are valid when the pages that are
>secured are being accessed.
>
>--mikej
>-=-----
>mike jackson
>mjackson@cdi-hq.com
>
> > -----Original Message-----
> > From: Srinadh Karumuri [mailto:skarumur@bbn.com]
> > Sent: Thursday, August 29, 2002 10:35 AM
> > To: Tomcat Users List
> > Subject: RE: Log out Screen
> >
> >
> > This redirection works only when user submits a form (when server is hit).
> > We cannot do automatic redirection using only Java.
> >
> > Other alternatives are:
> > 1. Use Javascript and have a timer (set value as
> > request.getSession().getMaxInactiveInterval()) to redirect the page
> > automatically.
> > 2. Use browser's META as below
> > <META HTTP-EQUIV=Refresh
> > CONTENT="<%= request.getSession().getMaxInactiveInterval() %>;
> > URL=/jsp/login.jsp;">
> >
> > -Sri
> >
> > At 12:54 PM 8/29/2002, Mike Jackson wrote:
> > >That works, but I'd use a servlet to manage all page accesses and a
> > >request dispatcher so that the user's machine doesn't know that it's
> > >been redirected.
> > >
> > >--mikej
> > >-=-----
> > >mike jackson
> > >mjackson@cdi-hq.com
> > >
> > > > -----Original Message-----
> > > > From: Dan Lipofsky [mailto:danlip@nuserve.com]
> > > > Sent: Thursday, August 29, 2002 9:48 AM
> > > > To: Tomcat Users List
> > > > Subject: Re: Log out Screen
> > > >
> > > >
> > > > Set the timeout in web.xml inside the <web-app> tags like this
> > > > <session-config>
> > > > <session-timeout>
> > > > 720 <!-- 720 minutes = 12 hrs -->
> > > > </session-timeout>
> > > > </session-config>
> > > >
> > > > To check for the timeout, store something in the session
> > > > when they log in, like this
> > > > session.putValue(StringConstants.USER_DATA,userInfo);
> > > > and then check it on each page like this
> > > > if (session.getValue(StringConstants.USER_DATA) == null) {
> > > > // redirect
> > > > }
> > > >
> > > > - Dan
> > > >
> > > > > Where is the session time out set? and how do I redirect it to a
> > > > > logout page once the session times out?
> > > >
> > > >
> > > >
> > > > --
> > > > To unsubscribe, e-mail:
> > ><ma...@jakarta.apache.org>
> > >For additional commands, e-mail:
> > ><ma...@jakarta.apache.org>
> > >
> > >
> > >
> > >
> > >--
> > >To unsubscribe, e-mail:
><ma...@jakarta.apache.org>
> >For additional commands, e-mail:
><ma...@jakarta.apache.org>
>
>
>--
>To unsubscribe, e-mail:
><ma...@jakarta.apache.org>
>For additional commands, e-mail:
><ma...@jakarta.apache.org>
>
>
>
>
>--
>To unsubscribe, e-mail: <ma...@jakarta.apache.org>
>For additional commands, e-mail: <ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Log out Screen
Posted by Srinadh Karumuri <sk...@bbn.com>.
Small correction for method #2 (you need to convert it to seconds):
<META HTTP-EQUIV=Refresh
CONTENT="<%= request.getSession().getMaxInactiveInterval() * 60 %>;
URL=/jsp/login.jsp;">
At 01:34 PM 8/29/2002, you wrote:
>This redirection works only when user submits a form (when server is hit).
>We cannot do automatic redirection using only Java.
>
>Other alternatives are:
>1. Use Javascript and have a timer (set value as
>request.getSession().getMaxInactiveInterval()) to redirect the page
>automatically.
>2. Use browser's META as below
><META HTTP-EQUIV=Refresh
>CONTENT="<%= request.getSession().getMaxInactiveInterval() %>;
>URL=/jsp/login.jsp;">
>
>-Sri
>
>At 12:54 PM 8/29/2002, Mike Jackson wrote:
>>That works, but I'd use a servlet to manage all page accesses and a
>>request dispatcher so that the user's machine doesn't know that it's
>>been redirected.
>>
>>--mikej
>>-=-----
>>mike jackson
>>mjackson@cdi-hq.com
>>
>> > -----Original Message-----
>> > From: Dan Lipofsky [mailto:danlip@nuserve.com]
>> > Sent: Thursday, August 29, 2002 9:48 AM
>> > To: Tomcat Users List
>> > Subject: Re: Log out Screen
>> >
>> >
>> > Set the timeout in web.xml inside the <web-app> tags like this
>> > <session-config>
>> > <session-timeout>
>> > 720 <!-- 720 minutes = 12 hrs -->
>> > </session-timeout>
>> > </session-config>
>> >
>> > To check for the timeout, store something in the session
>> > when they log in, like this
>> > session.putValue(StringConstants.USER_DATA,userInfo);
>> > and then check it on each page like this
>> > if (session.getValue(StringConstants.USER_DATA) == null) {
>> > // redirect
>> > }
>> >
>> > - Dan
>> >
>> > > Where is the session time out set? and how do I redirect it to a
>> > > logout page once the session times out?
>> >
>> >
>> >
>> > --
>> > To unsubscribe, e-mail:
>><ma...@jakarta.apache.org>
>>For additional commands, e-mail:
>><ma...@jakarta.apache.org>
>>
>>
>>
>>
>>--
>>To unsubscribe, e-mail: <ma...@jakarta.apache.org>
>>For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
>--
>To unsubscribe, e-mail: <ma...@jakarta.apache.org>
>For additional commands, e-mail: <ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Log out Screen
Posted by Mike Jackson <mj...@cdi-hq.com>.
Does it matter when the redirect is done? If the user sits on the page
without the session being valid where's the problem with that? You
just want to make sure that they are valid when the pages that are
secured are being accessed.
--mikej
-=-----
mike jackson
mjackson@cdi-hq.com
> -----Original Message-----
> From: Srinadh Karumuri [mailto:skarumur@bbn.com]
> Sent: Thursday, August 29, 2002 10:35 AM
> To: Tomcat Users List
> Subject: RE: Log out Screen
>
>
> This redirection works only when user submits a form (when server is hit).
> We cannot do automatic redirection using only Java.
>
> Other alternatives are:
> 1. Use Javascript and have a timer (set value as
> request.getSession().getMaxInactiveInterval()) to redirect the page
> automatically.
> 2. Use browser's META as below
> <META HTTP-EQUIV=Refresh
> CONTENT="<%= request.getSession().getMaxInactiveInterval() %>;
> URL=/jsp/login.jsp;">
>
> -Sri
>
> At 12:54 PM 8/29/2002, Mike Jackson wrote:
> >That works, but I'd use a servlet to manage all page accesses and a
> >request dispatcher so that the user's machine doesn't know that it's
> >been redirected.
> >
> >--mikej
> >-=-----
> >mike jackson
> >mjackson@cdi-hq.com
> >
> > > -----Original Message-----
> > > From: Dan Lipofsky [mailto:danlip@nuserve.com]
> > > Sent: Thursday, August 29, 2002 9:48 AM
> > > To: Tomcat Users List
> > > Subject: Re: Log out Screen
> > >
> > >
> > > Set the timeout in web.xml inside the <web-app> tags like this
> > > <session-config>
> > > <session-timeout>
> > > 720 <!-- 720 minutes = 12 hrs -->
> > > </session-timeout>
> > > </session-config>
> > >
> > > To check for the timeout, store something in the session
> > > when they log in, like this
> > > session.putValue(StringConstants.USER_DATA,userInfo);
> > > and then check it on each page like this
> > > if (session.getValue(StringConstants.USER_DATA) == null) {
> > > // redirect
> > > }
> > >
> > > - Dan
> > >
> > > > Where is the session time out set? and how do I redirect it to a
> > > > logout page once the session times out?
> > >
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> ><ma...@jakarta.apache.org>
> >For additional commands, e-mail:
> ><ma...@jakarta.apache.org>
> >
> >
> >
> >
> >--
> >To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
>For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Log out Screen
Posted by Srinadh Karumuri <sk...@bbn.com>.
This redirection works only when user submits a form (when server is hit).
We cannot do automatic redirection using only Java.
Other alternatives are:
1. Use Javascript and have a timer (set value as
request.getSession().getMaxInactiveInterval()) to redirect the page
automatically.
2. Use browser's META as below
<META HTTP-EQUIV=Refresh
CONTENT="<%= request.getSession().getMaxInactiveInterval() %>;
URL=/jsp/login.jsp;">
-Sri
At 12:54 PM 8/29/2002, Mike Jackson wrote:
>That works, but I'd use a servlet to manage all page accesses and a
>request dispatcher so that the user's machine doesn't know that it's
>been redirected.
>
>--mikej
>-=-----
>mike jackson
>mjackson@cdi-hq.com
>
> > -----Original Message-----
> > From: Dan Lipofsky [mailto:danlip@nuserve.com]
> > Sent: Thursday, August 29, 2002 9:48 AM
> > To: Tomcat Users List
> > Subject: Re: Log out Screen
> >
> >
> > Set the timeout in web.xml inside the <web-app> tags like this
> > <session-config>
> > <session-timeout>
> > 720 <!-- 720 minutes = 12 hrs -->
> > </session-timeout>
> > </session-config>
> >
> > To check for the timeout, store something in the session
> > when they log in, like this
> > session.putValue(StringConstants.USER_DATA,userInfo);
> > and then check it on each page like this
> > if (session.getValue(StringConstants.USER_DATA) == null) {
> > // redirect
> > }
> >
> > - Dan
> >
> > > Where is the session time out set? and how do I redirect it to a
> > > logout page once the session times out?
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
><ma...@jakarta.apache.org>
>For additional commands, e-mail:
><ma...@jakarta.apache.org>
>
>
>
>
>--
>To unsubscribe, e-mail: <ma...@jakarta.apache.org>
>For additional commands, e-mail: <ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Log out Screen
Posted by Mike Jackson <mj...@cdi-hq.com>.
That works, but I'd use a servlet to manage all page accesses and a
request dispatcher so that the user's machine doesn't know that it's
been redirected.
--mikej
-=-----
mike jackson
mjackson@cdi-hq.com
> -----Original Message-----
> From: Dan Lipofsky [mailto:danlip@nuserve.com]
> Sent: Thursday, August 29, 2002 9:48 AM
> To: Tomcat Users List
> Subject: Re: Log out Screen
>
>
> Set the timeout in web.xml inside the <web-app> tags like this
> <session-config>
> <session-timeout>
> 720 <!-- 720 minutes = 12 hrs -->
> </session-timeout>
> </session-config>
>
> To check for the timeout, store something in the session
> when they log in, like this
> session.putValue(StringConstants.USER_DATA,userInfo);
> and then check it on each page like this
> if (session.getValue(StringConstants.USER_DATA) == null) {
> // redirect
> }
>
> - Dan
>
> > Where is the session time out set? and how do I redirect it to a
> > logout page once the session times out?
>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Log out Screen
Posted by Dan Lipofsky <da...@nuserve.com>.
Set the timeout in web.xml inside the <web-app> tags like this
<session-config>
<session-timeout>
720 <!-- 720 minutes = 12 hrs -->
</session-timeout>
</session-config>
To check for the timeout, store something in the session
when they log in, like this
session.putValue(StringConstants.USER_DATA,userInfo);
and then check it on each page like this
if (session.getValue(StringConstants.USER_DATA) == null) {
// redirect
}
- Dan
> Where is the session time out set? and how do I redirect it to a
> logout page once the session times out?
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Log out Screen
Posted by "Ravindra K. Bhat" <bh...@BPA.Arizona.EDU>.
how do you reset the logout time and redirect to the login page?
ravi
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Log out Screen
Posted by Mike Jackson <mj...@cdi-hq.com>.
If the session expires aren't they already logged out? You don't
have any state for them saved at that point. It'd make more
sense (to me at least) to redirect at that point to a login page.
--mikej
-=-----
mike jackson
mjackson@cdi-hq.com
> -----Original Message-----
> From: Ravindra K. Bhat [mailto:bhat@BPA.Arizona.EDU]
> Sent: Thursday, August 29, 2002 9:39 AM
> To: Tomcat Users List
> Subject: Log out Screen
>
>
> Hi:
>
> Where is the session time out set? and how do I redirect it to a
> logout page once the session times out?
>
> Thanks
> Ravi
>
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>