Thursday, August 4, 2011

Simple Session Timeout Handling with Seam/JSF/Facelets

I took Christian's great post http://relation.to/Bloggers/ImplementingGracefulSessionTimeoutWithSeamJSFAndJQuery and simplified it for my use.  My solution uses the same session checking mechanism, but assumes all pages should be handled the same, and that we just want to kick the user back to the landing page instead of the fancy stuff Christian did. Leave a comment if you need any of the code explained.

I'm assuming you're using Facelets, so you have some layout.xhtml (or whatever) that all your pages are using.  Just add this to the <head>:

<s:remote include="httpSessionChecker"/>
<script type="text/javascript">
var sessionChecker = Seam.Component.getInstance("httpSessionChecker");


   function alertTimeout(newSession) {
       if (newSession) {
           clearInterval(sessionTimeoutInterval);
           window.location = '#{facesContext.externalContext.request.contextPath}';
           alert('Your session has expired.  You have been logged out.');
       }
   }


        var sessionTimeoutInterval = setInterval('sessionChecker.isNewSession(alertTimeout)', '#{httpSessionChecker.timeout}'*1000+3000);
</script>


For Seam Remoting, add the jboss-seam-remoting.jar to your project and this to your web.xml:

 <servlet>
  <servlet-name>Seam Resource Servlet</servlet-name>
  <servlet-class>org.jboss.seam.servlet.SeamResourceServlet</servlet-class>
 </servlet>
 <servlet-mapping>
  <servlet-name>Seam Resource Servlet</servlet-name>
  <url-pattern>/seam/resource/*</url-pattern>
 </servlet-mapping>



Create the HttpSessionChecker (modified from Christian's):


@Name("httpSessionChecker")
@Scope(ScopeType.APPLICATION)
public class HttpSessionChecker {

@WebRemote
    public boolean isNewSession() {
return ServletContexts.instance().getRequest().getSession().isNew();
    }

public int getTimeout() {
return ServletContexts.instance().getRequest().getSession().getMaxInactiveInterval();
}
}

For simplicity and safety, your best bet is to match all of the timeout times.  You want to match your web.xml, components.xml, and the server timeout.  Here's 30 minutes for all of them (a normal default):

  • your web.xml
 <session-config>
  <session-timeout>30</session-timeout>
 </session-config>
  • components.xml
<core:manager concurrent-request-timeout="500"
conversation-timeout="1800000" conversation-id-parameter="cid"
parent-conversation-id-parameter="pid" />
  • C:\jboss-5.1.0.GA\server\default\deployers\jbossweb.deployer\web.xml
   <session-config>
      <session-timeout>30</session-timeout>
   </session-config>

That should be it.  Now if they leave any page for 30 minutes, it will redirect them to the landing page, and alert them that their session expired.  Its not fancy, but its a good default to start with.

8 comments:

  1. seems as great approach, but if the server did not release the session within alotted amount of time (3 seconds in your example), then keeps session going...tried in Tomcat and the session is still active even after 10 seconds...

    ReplyDelete
  2. Hey dm, thanks for the comment. The timeout should be 30 minutes in this example. You could crank it down to 1 minute and test again. If it still doesn't work, let me know. I'd be interested to see what's going on.

    ReplyDelete
  3. This is a great start for session timeout handling. wanted to know if autologin could be possible after session timeout/session killed,

    Srinath

    ReplyDelete
    Replies
    1. That would depend on how you're doing auth, but it sounds like you want to simulate the session never timing out. Maybe just increase the timeouts?

      Delete
  4. But it's working fine for if we are opening browser with one tab it will display popup message.but if it's not working whenever we are opening browser with multiple tabs it's not displaying popup message in two tabsany modification is required.give me any suggestion

    ReplyDelete
    Replies
    1. Good question. I haven't tested that. I'll look into it.

      Delete
  5. Hi, Its not working for me... The popup message will not display. Please help me.

    ReplyDelete
  6. Hey Rajesh, I'm not working with JSF anymore. I'm probably not much help.

    ReplyDelete