Tomcat Session Handling

Hi All,

I have an interceptor class in my spring apps that checks for an object in a user session.

I had my interceptor be called in all url so that they get redirected to the login form whenever there is no session associated with the request.

My problem is that, it seems that the session object is not managed by Tomcat.

I have this in my web.xml



But I think the session object is not being discarded. Is there something that I could check?

mark reyes wrote:
But I think the session object is not being discarded. Is there something that I could check?

implement HttpSessionListener or Check session attribute on Server side

Hi Seetharaman,

I actually have this code,



My problem is, when I bookmarked any of my url, it is always printing 'user still has session...' and user is not redirected to login form

I am not sure but, for some reason session is still active even though the session timeout already elapsed.

The only way, I get redirected to the login screen is when I restart my tomcat.

mark reyes wrote: I get redirected to the login screen is when I restart my tomcat.

1.probably , preHandle is getting called at this time . so you need to check the logic of SessionCheckerInterceptor

2.As i mentioned earlier implement the Listener and Test first

Setting session-timeout to 1 minute does not guarantee that the session will be removed after one minute, it just says that Tomcat can invalidate and remove the session when it gets around to it.

How much time are you allowing before checking?

Bill

Hi,

I think 5 minutes is not enough to say that session is already discarded.



This is really correct..

I waited for about 15 minutes and that was the time that I got redirected to the login screen.

Oh by the way, I forgot to mention in my post that I did not invalidate the session, I just close my browser and just waited for the time expiration.

I think I got it now.


Kudos to both of you..