Servlets :: Session Timeout In General Web Applications Vs Social Apps
Mar 14, 2014
Generally sessions in web applications expire after a stipulated max inactive interval. To my knowledge primarily the reason is if the session objects are not invalidated they keep exhausting the memory. So my question is
A. Is there any other reason other why web applications timeout the user session after an inactive interval?
B. Social sites never timeout the user session even if you just leave them for the entire day. How do they manage sessions? Don't the active sessions exhaust memory on their servers or JVM to be specific?
We have this website that is run on two web applications. The first web application hosts the home page and clicking certain links in the home page would forward it to pages of the second web application where certain functionalities can be done. Now, there has been an initiative to redesign the site to have a login page and only logged in users could browse it. This would mean a login page being created in the first app, and when links to the second application are clicked, the pages are supposed to forward to it with the same session of the user that logged in.
We have already creating handling to pass the session from the first app to the second. Logging out from the first application would also invalidate the same user session in the second application. My questions is, is this a bad idea? would it be better to combine the two apps even if it would mean a huge impact?
or is there are better way to do this? like set it in web.xml. I have read that you cannot use two context for it.
My application uses Struts and IBM Web application Server. I have a question regarding session management. I have a variable stored in session scope, i.e. the name of the client. it is a intranet application. Now whenever the user leaves the browser screen for a long time, the session times out and losses the name of the client.
How to restore the variable after the client comes back and starts using the browser and refreshes the screen and starts using the application. I want just the browser to remember the session variable i.e. "name" of the client.
in my web.xml my session time out is working but not fully working in my ui i use tiles , i have 5 clickable side panels i try to set timeout for 1 minute or 10 minutes for testing after the time is timeout this what happen working refresh the page after time out = working ,directed me into log in page which is correct.i have 5 clickable side panel in my page after timeout when i click the first 2 in side panel tabs it directed me into log in page which is also correct not working after the timeout when i navigate the page i click the other 3 side panels i can still navigate into the page but when i click the first 2 side panel it directed to log in page w/c is correct but can still navigate the page the other 3 side panels
issue : my session timeout is not fully working on my page.
Okay I am new to web-programming in general and am confused about how sessions work-:
1) Are sessions stored only on the client computer ? If so then if cookies are disabled then if browsers only store the session how are they able to remember the exact JSESSIONID ? Also how does the server (like Tomcat) remember which JSESSIONID belongs to which user ? Where does it store that information ?
2) If the server also stores the session information then how fast does it become out of date ?
3) If a client has cookies disabled does the server maintain a key-value pair of the IP and the session-id, so that if the same client logs in then the same session-id will be appended ?
4) When does the web-container make the decision of using cookies or the encodeURL() method to embed the session info ?
I have set the session timeout in web.xml to 60 but when I start on the home page and begin to enter any data I immediately get redirected to the timeout page.From the timeout page I can click a link that takes me to the home page. Now I get the 60 minutes before another timeout occurs. Changing the timeout only results in a change to the timeout after going back to the home page..why I am seeing an immediate timeout?
I am new to JSF and I am working on handling session timeout for a JSF application. I am trying to get the code to work for ajax calls and not able to achieve that so far. I have tried two approaches:
Approach 1: SessionListener (for cleanup work) and SessionFilter (for filtering every request and checking if session timed out)
My Code snippet of doFilter() of SessionFilter:
if ((request instanceof HttpServletRequest) && (response instanceof HttpServletResponse)) { HttpServletRequest httpServletRequest = (HttpServletRequest) request; HttpServletResponse httpServletResponse = (HttpServletResponse) response; // is session expire control required for this request? (not required for home page or timeout page or JSF resources) if (isSessionControlRequired(httpServletRequest)) {
[Code] .....
Both these approaches work for non-ajax POST calls but not for ajax calls. When I run my app in debug mode, I can step through all the statements for ajax calls also, which gives me an idea that the control does come to my code, executes it but for some reason, nothing happens on the UI.
I have been trying to redirect user to a timeout page but the ideal thing would be to display a JSF dialog and upon hitting 'OK' take user to Home Screen (My app does not have a login screen.) I have a basic questions also, is view expiring exactly same as session timeout?
Coding a web application using Java 6. Try to implement the session timeout for users.
In the web.xml, I added:
<session-config> <session-timeout>480</session-timeout> <!-- jsp will expire in 8 hours --> </session-config>
Now, during the runtime, if a user does not touch the jsp page for 8 hours (after the user has signed in), the session timeout mechanism will kick in. At that point, the server side will automatically execute:
rd = req.getRequestDispatcher("/signin.jsp");
So that the user will have to re-sign in, before continue the work.
I want to implement session timeout functionality ...so with web.xml file i can specify session timeout ..say 30 min.. Now with filter is it possible for me to redirect the request to login page after session is timeout say after 30 min... What are the other ways...??
Also i want to know whether timeout setting in web.xml will overweight the application server timeout ... I am using struts 1.0 and hibernate...
Can I access the session object even session has been expired? I need to check whether session is expired or not for each request.The session invalidation is set null the session object. What I concluded, session time out I can access session object but session invalidation I can not access session object. How can I find the session time out by using session object?
I am developing a e-commerce college project, here i add the items in the cart(a div tag in the jsp page) via servlet by creating sessions,
flow control: shopping jsp (when user wants to add an item in the cart) --> item servlet (which is used to create session and synchronized it) --> cart servlet(which is used to add items in the arraylist and show them in the shopping.jsp's div tag + it also sets the total purchase amount in the session variable "totalpurchase")
now after that user wants to proceed to checkout, here i use the onclick event to check the minimumshopping amount must be less than the totalpurchase (totalpurchase which i had setted in the session),but my jsp page is unable to rechognise the updated value of the totalpurchase, yes, if i reload the page, it rechognises the new updated value of the totalpurchase? but i want it to rechognise the updated total purchase value, without reloading he jsp page..
I'm deployed application A and application B in TOMCAT server applications, the U1 user enters into the application A, he authenticates and generates a call to a page of the app B. As I was able to access the session of user U1 en A from B, it could have a single session.
I'm trying to go back to basic and strengthen some of my foundation. I'm wondering what kind of data would be appropriate to be stored inside a session? My app is a web app where all the users are the employee of a company. So it's an web-based app that keeps track of stock movements, purchasing and sales order (standard distributor company). The web app interacts strictly with employees, so no public facing app (yes, that's right, no shopping cart). So, in this kind of web app, what kind of data that by storing it to session.
Jan 11, 2015 10:08:23 PM org.apache.catalina.session.StandardSession writeObject WARNING: Cannot serialize session attribute cart for session 2F9FF7A5ABC3620BD5B3BC0C4D46C558 java.io.NotSerializableException: org.apache.tomcat.jdbc.pool.DisposableConnectionFacade at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1183) at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1547) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1508)
Now I want to store those username and age(in .html) somewhere and I want those information in welcome.jsp. Now, I'm storing all those in session itself(In doGet method(servlet)).
2 Doubt) Also, when I get the session in servlet HttpSession session = request.getSession(); line No. 27. The session value is org. apache. catalina. session. StandardSessionFacade@69a8bf4f...I'm expecting that session is to be empty. Because, I dint store anything until that line.
The authenticatedUser and menu attributes are gone. I never know when it's going to happen so I can't trace it. Any guesses why those type session objects would die?
I attached an image of what menu object looks like.
I have a question about how to check for a session as the user goes through different pages. I am using Java beans and EL to pass data from page to page but I cannot figure out how to check for a session on the pages without the use of a scriptlet with an if else statement in it.
I do not want the user to be able to access any pages unless they are logged in. With a scriptlet, I can create a statement that says if session exists show name else redirect to login page.
From what I have read and what some of the wonderful members here have told me, scriptlets are a big no no these days. So, how do I do these without the use of a scriptlet?
Being new to java I am a bit lost as to why my session attribute for this banking app wont add the deposits to the session var... it just keeps going back to the amount I set it to originally - so if I set the beginning balance to 3000 then deposit 100 it becomes 3100, but if I then try deposit another amount eg. a extra 200 it becomes 3200 not 3300 like it should be !!
import javax.servlet.*; import javax.servlet.http.*; import java.io.*; import java.util.*; import java.net.*; import java.text.DecimalFormat; public class SessionBank extends HttpServlet
The application works fine but currently there is data getting replicated among different users. Is it the problem of session data getting merged with other session data or is it server cache not getting cleared or is there any setting to be changed in weblogic application server??
What is the difference between JSESSION ID and Session?I red THIS blog, I got the explanation but I'm actually confused about JSESSION ID and Session.. In that blog, they told about JSESSION ID cookie. then What is the difference between JSESSION ID and Cookie?
My dynamic web project has a java class that captures a session variable with the following code.
HttpSession LoginSession = request.getSession(); String VAR = LoginSession.getAttribute("myVar").toString(); //This is the row 127
If i test the app in local (Mac + Java 1.8 + Tomcat 8) all works. In my remote cloud server (Ubuntu 14.10 + Java 1.8 + Tomcat 8) all works, except this class, that has this code. I copy the complete error here. Note that the row 127 of the error message is the second row of the previous code; and, if i comment this row with // and assign a fix variable all works. So, the problem is that 127^ row.
14-Dec-2014 08:15:23.923 SEVERE [http-nio-8080-exec-14] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [srvNavigation.SrvPT] in context with path [/myapp] threw exception java.lang.NullPointerException at srvNavigation.SrvPT.doGet(SrvPT.java:127) at javax.servlet.http.HttpServlet.service(HttpServlet.java:618) at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
I'm experimenting the basic concepts of Servlet technology with my below simple setup.
I have a welcome.jsp defined under webContent in eclipse and my welcome.jsp looks like
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1" [b]session="false"[/b]%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
[Code] ....
Now I have few questions based on the above setup
1) As you see session="false" in jsp, and when I used scriptlet like <%= request.getSession(false) %>, I see "null" being printed but if I use pageContext.request.session.id, the session is not null. How does session = "false" influences scriptlets and implicit objects and why the behavior is different
2) If session really exists, even when session=false is used, when I disabled cookies in FireFox browser and click on "click Me" hyperlink, the control goes to Controller, but in the servlet, I see 'No Session Created" being displayed. Which means session was not created and probably because I used false is getSession(false). But if I enable cookies, with the same setup, I get Session ID = << some value>> being printed and this is same as the session what printed through pageContext.request.session.id in the jsp.
So when cookies disabled, how can pageContext.request.session.id actually printed session id , but not in servlet and when cookies enabled, the same session id is displayed in both cases.
My question is why there is no impact in jsp, when cookies are disabled.
how it is decided which class will implement a session listener interface? Which class will implement HttpSessionListener? Which one will implement HttpSessionActivationListener, HttpSessionBindingListener or HttpSessionAttributeListener?
