Refresh Before Session Timeout

If a user logs into a web app but then does not use it for a while, the session will time out on the server. However, the web page is still visible in the browser and the user can click on the links that are displayed.
Clicking is likely to result in an error being displayed.

There are two useful ideas here:

  1. Most web apps put some form of user bean into the session at login. A servlet filter can be used to detect incoming requests that do not contain the user bean in the session, and redirect them to the web app's home page.
  2. You can get the web page to refresh a minute before the session times out. Set the location for the refresh to a command which invalidates the user's session, then forwards to a web page explaining what has happened.

     For a typical timeout of 30 minutes, put this on your web page:

    <html>
      <head>
        <meta http-equiv="refresh" content="1740;url=<c:url value='/sessionExpired.html'/>"/>
      </head>
    </html>

    Add this to web.xml:

    <session-config>
      <!-- Set the <meta http-equiv="refresh"> delay to 1 minute less than this. -->
      <session-timeout>30</session-timeout>
    </session-config>

    Make sure that in the action or controller for the "/sessionExpired.html" URL you invalidate the session:

    session.invalidate();
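
The servlet filter from idea 1, as an added example that is not part of the original page. The session attribute name `user`, the home page path `/index.html` and the `/login` path are assumptions; substitute the names your app uses.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: redirects requests that arrive without a logged-in user. */
public class SessionCheckFilter implements Filter {
    // Assumptions: the attribute name and the paths below are placeholders.
    private static final String USER_ATTR = "user";
    private static final String HOME = "/index.html";
    private static final String[] PUBLIC_PATHS = { HOME, "/login", "/sessionExpired.html" };

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Container-normalized path relative to the context root (no ";jsessionid").
        String info = request.getPathInfo();
        String path = request.getServletPath() + (info == null ? "" : info);

        // getSession(false): never create a new session just to inspect it.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;

        if (loggedIn || isPublic(path)) {
            chain.doFilter(req, res);
            return;
        }
        // Missing or expired session: send the browser to the home page.
        response.sendRedirect(request.getContextPath() + HOME);
    }

    // Exact match only; excluding these pages prevents a redirect loop.
    private static boolean isPublic(String path) {
        for (String p : PUBLIC_PATHS) {
            if (p.equals(path)) return true;
        }
        return false;
    }
}
```

Register the filter in web.xml with a `<filter-mapping>` that covers only the protected URLs, so that static resources such as stylesheets are not redirected.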