How to differentiate between logout and session expired?

java jsp session session-timeout
Prabhat picture Prabhat · Jul 22, 2010 · Viewed 8k times · Source

Case 1: Log out : Once we log out, if one tries to access previous, it must automatically redirect to login.jsp

Case 2: Session expired : If session expires when user is still logged in, it must try to automatically redirect to sessionExpired.jsp when previous page is accessed.

How to differentiate ? I am currently invalidating session when logging out.

Answer

JoseK picture JoseK · Jul 22, 2010

On login, set a cookie with a long expiry (> 24 hours). Remove this cookie at logout time by setting the maxage to 0.

You can have check for any non-logged in user (i.e. invalid session id). If the cookie does not exist, redirect him to login.jsp

If the cookie exists, it means his session expired so redirect him to session-expired.jsp

Related questions

accessing constants in JSP (without scriptlet)

I have a class that defines the names of various session attributes, e.g. class Constants { public static final String ATTR_CURRENT_USER = "current.user"; } I would like to use these constants within a JSP to test for the presence …

Read More
What is session management in Java?

I have faced this question in my Interview as well. I do have many confusion with Session Scope & it management in java. In web.xml we do have the entry : <session-config> <session-timeout> 30 </session-timeout> &…

Read More
How to properly invalidate JSP session?

So here is the problem. When a user logs out of my website, they can still hit the back button and continue using the site. To keep track of whether the user is logged in or not, I created a …

Read More