say for instance you have the session timeout set for an application to default which is 30 min. You have a page which is written using spring and jstl tags. The jsp page is connected to the controller. In the jsp i am checking one of the session objects to see if it still exist. If yes good if not then send the user back to the index page which is the login page. However it is frustrating sometime because if the form is big then the user has to login back and fill out the form fields. Is it possible to set the session timeout to one hour for just this one page instead of changing the whole application session ?.
I don't want to refresh the page through a javscript as i will loose all of the form fields. Any input example will be great.
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
on server set it to 1 hour...
also, put these logic to your all pages...
on session_start
session("session_created")
on every page
if session_timeout goto login page
if (page <> my long page) and (now - session("last_activity") >20) logout (or session.abondon) ; go to login page
what we are doing is setting actual server timeout to 1 hour, but programatically we are setting it to 20 min (for all pages but your long page)
what about just inserting a hidden iframe into your long page, which refreshes the tiny page every 10-20 minutes?
<iframe src="refresh.asp" width=0 height=0/>
and refresh.asp is just a dummy page like this:
<html>
<head>
<meta http-equiv="refresh" content="600">
<title>refresh</title>
</head>
<body><body>
</html>
Murali the only issue is that i am using spring framework so i have a controller. However i see in your code you are referencing it to a servlet.
req.open("POST", "/servlet/SessionHandler",
I do have a listener class by the name of SessionTracking and over there i implemented HttpSessionListener. In this class i am setting the session time and redirecting it to the login page if there is no session in sessionDestroyed() method.
I don't want to do anything with the login servlet where it sets all the session as it might break something. Just concerned.
HttpSessionListener would get triggered for the session creation/destroy period. Actually if you set session timeout as say 45 mins thn you need to hit the server atleast 5 mins well in advance to reset ur session timeout automatically. For achieving this you need to have a servlet or a controller re-directed to some class where u just return some unique id(userid) for validating the session.
This cycle of giving a hit to server before 5 mins would reset ur session timeout and there by the HttpSessionListener would not be triggered. You can possibly have a indivdual servlet for this purpose or a seperate controller (my knowledge on Spring Controller is limited).
-Murali*
Thanks for your response. Actually i know what an HttpSessionListener will do which i was sure will not achieve the desire result which i am trying to accomplish as you stated in the comment. I am using a MultiActionController and in one of the methods (which is 'Insert' method which inserts the values in the DB) i am already getting the userid from the session. So if the session is not active then a blank page is displayed. However if i write something like this in my jsp :-
<%
session = request.getSession(false);
//now check if the userId is null from the session
//if it is then set the header and redirect the user to the login page
%>
then the user is redirected to the login page. Now if you think this will not work then i think as per you i need to create a seperate servlet which will just have a simple method of getting the useid or validating if the session is still active. And then make it available in web.xml and then use the Ajax code you posted in my long page ? Correct ?
Lastly it looks like the function you posted i will be putting it in my jsp and calling promptuser method in body onload ?
Yes you are correct.
Actually u need to place the functions all in a single .js file and include to the page where u need it.
It would automatically call the servelt or controller at( 25 * 60 * 1000) 25th minute (you can change it as necessary). setSessionTimeout(); would be executed automatically and you need not to call any function explicitly.
i have a additional function msgToUser(){ } where u can redirect to a login page if session has already expired.
Murali. Thanks. I was able to create a servlet and was able to achieve the desired result. Although i must admit that this is a perfect solution for keeping the session alive for a specific page without changing the session timeout. I had alot of other senarios to consider like get the session Id and then increase the timeout for that session. But your example was much more helpful than anyone else.
I will urge to create a blog if possible because while searching on google i could'nt find any good resource on AJAX implementation of refreshing page. Your blog will definitely help other users out just like. Thanks .
For some reason when i do an alert in aler(userid) i get undefinied. Could you tell me why ?. It makes the call to the servlet and i can get the userid from the log statement but when i try to print on the JS function in sessionextend i get undefined for the userid.
Can you tell me what i am doing wrong murali ?
I found what the problem was.So when i press ok for the pop up message to extend the session before 5 min of expiring apparently it is suppose to ping my servlet and should refresh the session correct ?. However after clicking ok if i stay idle on the same page for a little 10 more min and click submit on the form i get a null pointer in my controller. In my controller i am getting the userid from session and It states that the userId which i am getting from the session is null ? could you tell me why is it doing that ?
Hi Michael,
So when i press ok for the pop up message to extend the session before 5 min of expiring apparently it is suppose to ping my servlet and should refresh the session correct ?
>> Yes you are correct. But remember u cannot leave the alert for 5+ mins and then click on the "OK" to make the session extension. Because from the time it shows the alert it counts. So if you click on "OK" immediately after seeing the alert it should extend the session. By extension we mean the session-timeout reset.
could you tell me why is it doing that ?
>> could you make sure your session is still active before u get the userid from session in ur controller?.
Thank you Murali for your comments. So i clicked Ok before 5 min of my session expiring. And then i stay idle for 10 min and then when i click submit on my form my onBindAndValidate() method gets invoked. In that method i am getting the userId and couple of other stuff from the session. I added some log statements and then came to know that i receive a null pointer exception on :-
String user = (String)request.getSession
log.info("user is " + user );
I get a null pointer on :-
String user = (String)request.getSession
meaning that the session is not alive. What could be the problem ?. I can see that the PingSession servlet does get call when i click ok but session never gets extended.
Make sure the setTimeOut() has the timer value exactly 5 mins before session timeout.
Also ignore using false in getSession().
String user = (String)request.getSession
Could you also add log statement to OnsessionDestroyed in your session listener, to check when ur session is destroyed?.
I don't think request.getSession(false) will make any difference. However i did put some logger statements in my listener on timing when the session is created and destroyed. Now i saw it created a session 2 min earlier and now monitoring to see when it will be destroyed. I will check in 30 min with that ajax implementation function also to see if my session gets expired earlier or not.
in setMaxInterval of listener i setted to 1800 which means 30 min. Will update in 30 min
I am sorry i did'nt get you murali ? In my JS i have set the timeout to :-
//25 min for prompt
setTimeout('promptUser()',
Now when i click ok in the pop up message i saw my servlet get called PingSession. I printed the userid and the XML does have the userId. But after 5 min of clicking OK in the pop up message i saw the log printed that the session is destroyed also. Why the session got destroyed in the listener when i did ping the servlet through the AJAX function also ?
Business Accounts
Answer for Membership
by: MuraliKanthPosted on 2009-09-22 at 19:24:23ID: 25399582
use the following AJAX code to alert the user about extending the session.
Ajax will not reload /refresh the whole page and its ideal to use.
//servlet code
session = request.getSession();
StringBuffer xml = new StringBuffer();
xml.append("<?xml version=\"1.0\"?>\n");
xml.append("<session userid=\"" + (String)session.getAttribu
xml.append("</session>\n");
response.setContentType("t
response.getWriter().write
response.getWriter().flush
Select allOpen in new window