my app uses struts2+spring+hibernate , doing session-interceptor-login-authorisation system , working alright, try implement session expired part i'm running problems: first session interceptor checks every request see if user on session if not redirected login page, otherwise let through action requested .
so if user has began app login page pops
if session has timeout because of session-timeout property in web.xml redirected login page
now had request session expired message displayed. decided use app scope , set variables userloggedin , interceptor can check user in session , if null check app scope variable userloggedin if founded session expired (sessionexpired.jsp) otherwise login.jsp. problem whenever close browser , reopen it, app scope still there , userloggedin variable lets want start browser , app session interceptor fired doesn't find user on session great!! found userloggedin variable telling not brand new start session expired message pop up. know kind of confusing im not sure if right way session expired thing; first try.
any advice, alternative methods, etc, appreciated
pd: know there better approaches securing app spring security devoted 2 days failed , because of time factor im cant keep trying whit
it might easier move session time out interceptor self, every time interceptor used set time value user if time value great between invocations redirected session timed out page. after session telling stale, should able avoid application level logic.
Comments
Post a Comment