Java – redirect timeout after httpsession

I've been reading many posts on this topic, but I can't get a solution for my example

I am using Java EE 6 and JSF 2.0 (deployed on JBoss as 7.1)

On my web In XML, I have:

<session-config>
        <session-timeout>1</session-timeout>
    </session-config>

I want users to be redirected to the login page when the session automatically times out

I tried

Method 1: use filter

I tried the following filters:

@WebFilter()
public class TimeOutFilter implements Filter {

        @Override
        public void init(FilterConfig filterConfig) throws ServletException { 
        }

        @Override
        public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain) throws IOException,ServletException {
        System.out.println("filter called");
        final HttpServletRequest req = (HttpServletRequest) request;
        final HttpSession session = req.getSession(false);
        if (session != null && !session.isNew()) {
            chain.doFilter(request,response);
        } else {
            System.out.println("Has timed out");
            req.getRequestDispatcher("/logon.xthml").forward(request,response);
        }
    }

    @Override
    public void destroy() {
    }
}

On the web I tried

<filter-mapping>
    <filter-name>TimeOutFilter</filter-name>
    <url-pattern>*.xhtml</url-pattern>
</filter-mapping>

and

<filter-mapping>
    <filter-name>TimeOutFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
</filter-mapping>

The filter works on a per request basis (record "filter called" in the console) But when the session times out, it will not be called

Method 2: httpsessionlister

I tried to use an httpsessionlisterner This method is called with the following signature:

public void sessionDestroyed(HttpSessionEvent se) {
}

I can't redirect to a specific page When I want to redirect users, I usually use the navigationhandler in facescontext, but in this case, there is no facescontext (facescontext. Getcurrentinstance() returns null)

According to this post, httplistener cannot redirect the user because it is not part of the request

topic

What is the best way to solve this problem? What can I do to do one of the above two methods?

Solution

As long as the client does not send an HTTP request, you cannot send an HTTP response It's that simple This is how HTTP works Otherwise, the Internet would look very different if any website could push HTTP responses unimpeded without client requests

Javascript based heartbeat client based keyboard / mouse activities, such as answering here, or refreshing the page, such as answering here, will be the solution. If you are basically a single page webapp (so you don't actually use session scope, but view scope), but if you open the page in multiple tabs / windows in the same session, it won't work well

In theory, web sockets is the right solution to push something to the client, but it requires an active session Egg problem Moreover, it is not available in older browsers, which are relatively widely used, so it should only be used for progressive enhancement now

The best way is to define an error page, which is the case when the end user invokes an operation when the session expires See javax faces. application. ViewExpiredException: View could not be restored.