re login and the page what you visited


suppose you got a session timeout  and u are forced to re login.
after re login how can you go back to the page  where you were earlier ?

cofactorAsked:
Who is Participating?
 
bloodredsunCommented:
Yep,that's exactly it except it needs to be like this.

session.setAttribute("flag" , "true")
session.invalidate();

which means that when a session is destroyed, the flag is actually in the session
0
 
bloodredsunCommented:
You could implement a Listener that listens for the finsihing of a session see here, http://www.unix.org.ua/orelly/java-ent/servlet/ch07_05.htm, specifically one that implements HttpSessionListener  and listens for sessionDestroyed(). You may need to implement somehting on your page or better yet a filter that puts the last known location into the session.

Once you have this then you can store the information in a database and redirect the user to the appropriate page when the next login.
0
 
cofactorAuthor Commented:
let me clarify more to my question.

actually  i want if the user goes idle for 30 mints then he need to re login and then he would be allowed to see the  page where he was.


0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

 
bloodredsunCommented:
That's what I answered using session destruction using JSP.

Session expiration is handled by the container, e.g. tomcat, and is typically 30 mins. This can be configured in the web.xml.

To know that a user's session has been destroyed you need to implement a listener as I speciifed above. When the users session expires, a value is written to to the database saying his location when his session expired. When he next logs in, he can be taken to the page he was last at by chcking the database for that location.
0
 
searlasCommented:
No need for a database or a session listener; this is pretty simple really.

1) Detect whether user is logged in, if not save request url in session and redirect to login page
2) After validating login, redirect to url from session.

In JSP I guess you'd have something like:
<%
  if (... not logged in...) {
    String uri = request.getRequestURI();
    // ... rememeber to append query string parameters if they're important to your app

    request.getSession().setAttribute("original URL session key", uri);
    response.sendRedirect("login.jsp");
  }
%>

Some useful (relevant) javadoc:
http://java.sun.com/products/servlet/2.2/javadoc/javax/servlet/http/HttpSession.html#isNew()
http://java.sun.com/products/servlet/2.2/javadoc/javax/servlet/http/HttpServletRequest.html#getRequestURI()
http://java.sun.com/products/servlet/2.2/javadoc/javax/servlet/http/HttpServletResponse.html#sendRedirect(java.lang.String) 
0
 
bloodredsunCommented:
searlas, your method works for a non-authenticated user requesting a protected page, being taken to a login page to login and then back to the original requested page. Unfortunately what it doesn't do is return a user to the last previously browsed page prior to their session being lost so that when they login back in, they are taken automatically to the last page they were browsing.

The method you have proposed is very good but utimately, I believe it could be more easily acheived with javascript, using either history.go(-1) or the document.referer property as is commonly done when sites take you to a mandatory Terms and Conditions page before setting a cookie for acceptance.
0
 
cofactorAuthor Commented:
few moore question  from ur comments......


>When the users session expires, a value is written to to the database saying his location when his session expired

what is that value i  should write into DB ?




i guess you mean to code like this....


dummy code
==========


public final class SessionHandler implements HttpSessionListener {
 
{


// blah blah



    public void sessionDestroyed(HttpSessionEvent event) {
     
 
 // WHAT  should i write here into DB ?
     
     
     
}

0
 
bloodredsunCommented:
I would have a table in the db that has the username as the primary key and the page they last visited. So your code is:

 public void sessionDestroyed(HttpSessionEvent event) {
     
//get connection code, blah blah
Statement stmt = con.createStatement();
stmt.executeUpdate("insert into lastViewedPageTable '" + lastViewedPage + "' where Username = '"+ userName+"'");
}
 

then in login

public void login( String pUserName , String pPassword){
    //get connection code, blah blah
    //authenticate user
Statement stmt = con.createStatement();
    ResultSet rs = stmt.executeQuery("select lastViewedPage from lastViewedPageTable  where Username = '" +pUserName+"' ");
    while(rs.next){
         String lastViewedPage = rs.getString("lastViewedPage ");
    }
    RequestDispatcher rd = request.getRequestDispatcher(lastViewedPage  );
    rd.forward(request, response) ;

}

This code is full of holes but it will give you the right idea. You should be looking to use a datasource and preparedStatements also.
0
 
searlasCommented:
bloodredsun,

I understand you're idea, but have you ever implemented it?  You seem to have skated over how you maintain the 'lastViewedPage' variable used in the sessionDestroyed variable.  Presumably this would have to be extracted from the session that's about to be destroyed, which means you have to have put it in there already.

So, are you saying that every servlet/JSP must updated the 'lastViewedPage' attribute in the users session just before they send the page out to the user?

As for using the referrer header, I think that would have problems whenever the servlet has internally forwarded from one servlet to another (or JSP to JSP.)  In this case, the browser wouldn't know the real URL of the page you are looking at... therefore using the referrer property would not allow you to identify which page the user was actually looking at before.

If you can describe a way of maintaining lastViewedPage that'd be great; otherwise I think the best option is to use the getRequestURI method to find out which page the user is trying to get to, not what they were already looking at.


0
 
bloodredsunCommented:
>>I understand you're idea, but have you ever implemented it?  
Yes, I wrote a clickstream logging system that logged the entire journey of a user on the site, kind of like a mini webtrends. This was then written to a log file which could then be analysed and the ouput written into an Excel file.

>>So, are you saying that every servlet/JSP must updated the 'lastViewedPage' attribute in the users session just before they send the page out to the user?
Nope, you do that in a filter. I don't know whether you've used filters but they can be regarded as speciliased "servlets" that may do pre and post processing of the request and the response. That means that none of your pages have any of this code in, just the filter to add the session attribute and the listener for the session death, so you only need to write 2 classes. All in all, very simple with a clean design and nicely Aspect-Orientated too.

0
 
cofactorAuthor Commented:
bloodredsun

i see a flaw in your code.

in your code every time  user will be redirected to the lastViewed page as  soon as he LOGS IN.


but actually i dont want that .

i want  if the user get a SESSION TIMEOUT  then  he will be redirected to last visited page  OTHERWISE( means if he does fresh login)  he should browse normally as we normally  do.

0
 
bloodredsunCommented:
Fine, set a a flag when you maually invalidate the session. This is looked for in the filter and sets the last viewed page in the db to the home page for example or the landing page.
0
 
cofactorAuthor Commented:
>Fine, set a a flag when you maually invalidate the session.

but i do it  in web.xml using session timeout flag ! and i  wont change it .


>This is looked for in the filter and sets the last viewed page in the db to the home page for example or the landing page.

ohh..no , not clear how you are going to implement  .  is my question clear ?
0
 
bloodredsunCommented:
>>but i do it  in web.xml using session timeout flag ! and i  wont change it .
That is the session time-out variable and if you don't manually invalidate someone, how can you tell whether they were just timed-out or logged-out?

>>ohh..no , not clear how you are going to implement  .  is my question clear ?
In the sessionDestroyed method look for a flag that you set when you log someone out


public void sessionDestroyed(HttpSessionEvent event) {
//get session

//check session for flag, if flag is found exit if not log their last viewed page.
if ((boolean)session.getAttribute("flag")){
//do stuff
}
}
0
 
cofactorAuthor Commented:
>That is the session time-out variable and if you don't manually invalidate someone, how can you tell whether they were just timed-out or logged-ou.

so i need to use like this

web.xml
========
// blah
<session-config>
    <session-timeout>60</session-timeout>   // FOR THE WHOLE APPLICATION
  </session-config>


logout.jsp
==========
// blah
session.invalidate();

//and a flag for that user who is logging out


is that OK

thanks
0
 
cofactorAuthor Commented:
ok, thanks . i have got my full answer. thank you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.