Is there a way to "catch" the session timeout event, so as to retrieve data from HttpSession before its invalidated ?
We're implementing the Filter Interface, and in the doFilter method, the user we stored in the session object at login is null when session times out.
Thanks in advance.
You should be able to register an HttpSessionListener for your webapp that will allow you to get notified when a Session is destroyed.
It has two callback methods:
public void sessionCreated(HttpSessionEvent se)public void sessionDestroyed(HttpSessionEvent se)
The HttpSessionEvent class has a getSession method that should let you get the affected session.
The listener class is registered in the web.xml
<listener>
<description>My Session Listener</description>
<listener-class>
my.package.MySessionListener
</listener-class>
</listener>
Have the user object implement HttpSessionBindingListener, then it can see for itself when it is added to or removed from the session.
You can always ad a piece of JSP that will check to see if your session is still active or valid - basically check to see if a session var exists (!=null) and if it doesn't - redirect the user to another page -
<%
// check for session object
HttpSession validuser = request.getSession();
// check to see if session var exists
if (validuser.getValue("auth_user") == null) {
response.sendRedirect("admin3.jsp?access+denied");
}
// if the session var is null then redirect the user
Hope this helps Mark
Source : http://www.coderanch.com/t/279538/JSP/java/jsp-session-timeout
来源:https://stackoverflow.com/questions/3064340/any-way-to-anticipate-session-timeout