PDA

View Full Version : I have a problem about session control in my application


likigoldenstar
08-23-2010, 07:02 PM
Hi, everybody!
Now I have a problem to be solved asap.
I am developing web application using Resin 4.06, Spring and ZK framework.
I want to implement the automatic relogin function when session is time out.
(That's I want to keep session. Now after session is time out, I see the timeout message and I want to re-login instead of this message automatically.)
How can I do that? Please help me.

Now I am testing something for session control. But though i changed the session timeout is 1min in my app web.xml, it doesn't work.
<session-config>
<session-timeout>1</session-timeout>
<session-max>4096</session-max>
</session-config>
What is wrong with this configuration?

Thanks for your attention.
Regards

emil
08-23-2010, 07:36 PM
Hi,

I want to implement the automatic relogin function when session is time out.

This functionality doesn't really exist. If you want to avoid having your users login often, you can use a long session with a persistent cookie (i.e. a cookie with a long expiration date), but they'll have to log in again at some point. Setting your timeout to something short like 1 minute is the opposite of what you want to do.

Check out these articles for more info:

http://java.dzone.com/articles/servlet-sessions-and-automatic
http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ

Emil

likigoldenstar
08-24-2010, 03:33 AM
Hi emil
Thanks for your quick reply.

I want to implement that user can login again without typing username and password after session is timeout.

That's,
When session is time out, our site shows the timeout message only now.

So, I want add the relogin link in this page.
When clicking this link, user can login again without typing username and pwd.


This is what i want.

emil
08-24-2010, 05:11 PM
Hi,

This link might give you some tips. I'm not sure if these are still considered best practices, but it might get you started:

http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/

Emil