Implementing custom session expiration rule

[Marc Vaillancourt <ma...@gmail.com>]

I have a requirement to implement different session timeout values for
different user roles. What would be the most straightforward way to
accomplish this?

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

RE: Implementing custom session expiration rule

[Steve Kirk <to...@web-startup.co.uk>]

You could implement a filter that checked the time since last visit, and if
the session had expired according to your custom rule, invalidate the
session and redirect to appropriate page such as login.  You'd have to make
sure that the "default" session time set in server.xml was longer than the
max session time you wanted in your custom method, otherwise the browser
would time out the session for you if based on cookies.

I haven't used Filters, but as far as I understand the principles, I don't
think a redirect from within the filter code would upset anything.  I think
you can break out of the filter chain like this without problems.

> -----Original Message-----
> From: Marc Vaillancourt [mailto:marc.vaillancourt@gmail.com] 
> Sent: Thursday 26 May 2005 17:29
> To: tomcat-user@jakarta.apache.org
> Subject: Implementing custom session expiration rule
> 
> 
> I have a requirement to implement different session timeout values for
> different user roles. What would be the most straightforward way to
> accomplish this?
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org