I'm assuming you're using Facelets, so you have some layout.xhtml (or whatever) that all your pages are using. Just add this to the <head>:
<s:remote include="httpSessionChecker"/>
<script type="text/javascript">
    // Client-side stub for the httpSessionChecker component (Seam Remoting)
    var sessionChecker = Seam.Component.getInstance("httpSessionChecker");

    // Callback for isNewSession(): a new session means the old one expired
    function alertTimeout(newSession) {
        if (newSession) {
            clearInterval(sessionTimeoutInterval);
            window.location = '#{facesContext.externalContext.request.contextPath}';
            alert('Your session has expired. You have been logged out.');
        }
    }

    // Check 3 seconds after the session timeout (the timeout is in seconds)
    var sessionTimeoutInterval = setInterval(function () {
        sessionChecker.isNewSession(alertTimeout);
    }, '#{httpSessionChecker.timeout}' * 1000 + 3000);
</script>
For Seam Remoting, add the jboss-seam-remoting.jar to your project and this to your web.xml:
<servlet>
    <servlet-name>Seam Resource Servlet</servlet-name>
    <servlet-class>org.jboss.seam.servlet.SeamResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Seam Resource Servlet</servlet-name>
    <url-pattern>/seam/resource/*</url-pattern>
</servlet-mapping>
Create the HttpSessionChecker (modified from Christian's):
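import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.remoting.WebRemote;
import org.jboss.seam.web.ServletContexts;

@Name("httpSessionChecker")
@Scope(ScopeType.APPLICATION)
public class HttpSessionChecker {

    // Callable from JavaScript via Seam Remoting; true when the container had to create a fresh session
    @WebRemote
    public boolean isNewSession() {
        return ServletContexts.instance().getRequest().getSession().isNew();
    }

    // Session timeout in seconds; the page uses it to schedule the check
    public int getTimeout() {
        return ServletContexts.instance().getRequest().getSession().getMaxInactiveInterval();
    }
}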
For simplicity and safety, your best bet is to match all of the timeout times. You want to match your web.xml, components.xml, and the server timeout. Here's 30 minutes for all of them (a normal default):
- your web.xml
<session-config>
    <session-timeout>30</session-timeout>
</session-config>
- components.xml
<core:manager concurrent-request-timeout="500"
    conversation-timeout="1800000" conversation-id-parameter="cid"
    parent-conversation-id-parameter="pid" />
- C:\jboss-5.1.0.GA\server\default\deployers\jbossweb.deployer\web.xml
<session-config>
    <session-timeout>30</session-timeout>
</session-config>
That should be it. Now if they leave any page for 30 minutes, it will redirect them to the landing page, and alert them that their session expired. It's not fancy, but it's a good default to start with.
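The three settings above use different units (minutes in both web.xml files, milliseconds in components.xml), so a mismatch is easy to miss. The following is an added example, not code from the original post: a small Python check that normalizes all three to seconds and reports any disagreement. The XML samples are constructed, and the namespace URIs in them are assumptions about a typical Seam 2 project; the code matches on local element names, so it does not depend on them.

```python
import xml.etree.ElementTree as ET

# Constructed sample files mirroring the three settings shown in the post.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <session-config><session-timeout>30</session-timeout></session-config>
</web-app>"""
COMPONENTS_XML = """<components xmlns="http://jboss.com/products/seam/components"
    xmlns:core="http://jboss.com/products/seam/core">
  <core:manager concurrent-request-timeout="500" conversation-timeout="1800000"/>
</components>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def session_timeout_seconds(web_xml):
    """<session-timeout> is in minutes; return seconds, or None if unset."""
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) == "session-timeout":
            return int(el.text.strip()) * 60
    return None


def conversation_timeout_seconds(components_xml):
    """conversation-timeout on core:manager is in milliseconds."""
    for el in ET.fromstring(components_xml).iter():
        if local(el.tag) == "manager" and "conversation-timeout" in el.attrib:
            return int(el.attrib["conversation-timeout"]) / 1000
    return None


def check_timeouts(app_web_xml, components_xml, server_web_xml):
    """Return a list of problems; an empty list means all three agree."""
    found = {
        "app web.xml": session_timeout_seconds(app_web_xml),
        "components.xml": conversation_timeout_seconds(components_xml),
        "server web.xml": session_timeout_seconds(server_web_xml),
    }
    problems = [f"{n}: timeout not set" for n, v in found.items() if v is None]
    if len({v for v in found.values() if v is not None}) > 1:
        problems.append("timeouts differ (seconds): " + ", ".join(
            f"{n}={v:g}" for n, v in found.items() if v is not None))
    return problems


if __name__ == "__main__":
    print(check_timeouts(WEB_XML, COMPONENTS_XML, WEB_XML) or "all timeouts match")
```
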
Seems like a great approach, but if the server did not release the session within the allotted amount of time (3 seconds in your example), then it keeps the session going... Tried in Tomcat and the session is still active even after 10 seconds...
Hey dm, thanks for the comment. The timeout should be 30 minutes in this example. You could crank it down to 1 minute and test again. If it still doesn't work, let me know. I'd be interested to see what's going on.
This is a great start for session timeout handling. Wanted to know if autologin could be possible after session timeout/session killed,
Srinath
That would depend on how you're doing auth, but it sounds like you want to simulate the session never timing out. Maybe just increase the timeouts?
But it's working fine if we are opening the browser with one tab; it will display the popup message. But it's not working whenever we are opening the browser with multiple tabs; it's not displaying the popup message in two tabs. Is any modification required? Give me any suggestion.
Good question. I haven't tested that. I'll look into it.
Hi, it's not working for me... The popup message will not display. Please help me.
Hey Rajesh, I'm not working with JSF anymore. I'm probably not much help.