Menu
This is my web.xml file, it is located in WEB-INF/lib. It specifies session timeout at 1 minute, however it does not time the user out after 1 minute of activity.
Web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>Login</servlet-name>
<servlet-class>Login</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Login</servlet-name>
<url-pattern>/Login</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
</web-app>
I used this line session.getMaxInactiveInterval() in my jsp file and it outputted 1800 (30 minutes) . Does anyone why it defaults to 30 rather than using the time specified in my web.xml file?
EDIT:
I've code on my jsp page which checks for session attribute and if it does exist redirects the user to the login page after a minute even on page refresh the user is not redirected.
if(session.getAttribute("username") != null){
out.println(session.getAttribute("username"));
}else{
response.setStatus(response.SC_MOVED_TEMPORARILY);
response.setHeader("Location", "index.jsp");
}
EDIT Full Code (Login.java):
package com.labs.xmlgenerator.controller.managesession;
import java.io.IOException;
import java.sql.SQLException;
import java.util.HashMap;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.labs.xmlgenerator.model.dbconnection.*;
/**
* Servlet implementation class Login
*/
@WebServlet(description = "Verifies Users Credentials", urlPatterns = { "/Login" })
public class Login extends HttpServlet {
private static final long serialVersionUID = 1L;
private DbLoginQueries query = new DbLoginQueries();
/**
* @see HttpServlet#HttpServlet()
*/
/*
public Login() {
super();
// TODO Auto-generated constructor stub
}*/
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
validateLoginCredentials(request.getParameter("liUsr"),request.getParameter("liPwd"),request,response);
} catch (ClassNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
private void validateLoginCredentials (String username, String password, HttpServletRequest request, HttpServletResponse response) throws IOException, ClassNotFoundException, SQLException{
Boolean valid = true;
int resultSize;
HashMap<String, String> userDetails = null;
HttpSession session = request.getSession(true);
String location = "index.jsp";
Cookie usernameErrorCookie;
Cookie passwordErrorCookie;
Cookie usernameCookie;
if(username == null || username == ""){
valid = false;
usernameErrorCookie = new Cookie("liUsrErrCookie","Please enter a valid username");
response.addCookie(usernameErrorCookie);
}else{
usernameCookie = new Cookie("liUsrCookie",username);
response.addCookie(usernameCookie);
}
if(password == null || password == ""){
valid = false;
passwordErrorCookie = new Cookie("liPwdErrCookie","Please enter a valid password");
response.addCookie(passwordErrorCookie);
}
if(valid == true){
userDetails = query.loginQuery(username);
resultSize = userDetails.size();
if(resultSize < 4){
valid = false;
usernameErrorCookie = new Cookie("liUsrErrCookie","The username entered is not valid");
response.addCookie(usernameErrorCookie);
}
else if(resultSize > 4){
valid = false;
usernameErrorCookie = new Cookie("liUsrErrCookie","The username is returning more than one result, please contact admin");
response.addCookie(usernameErrorCookie);
}
else if(resultSize == 4){
if(!userDetails.get("Password").equals(password)){
valid = false;
passwordErrorCookie = new Cookie("liPwdErrCookie","The entered password is incorrect");
response.addCookie(passwordErrorCookie);
}
}
}
if(valid == true){
session.setAttribute("username", userDetails.get("Username"));
session.setAttribute("permission", userDetails.get("AdminPermissions"));
session.setAttribute("email", userDetails.get("Email"));
location = "home.jsp";
}else{
location = "index.jsp#login";
}
response.setStatus(response.SC_MOVED_TEMPORARILY);
response.setHeader("Location", location);
}
}
home.jsp
<?xml version="1.0" encoding="ISO-8859-1" ?>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Home</title>
<link rel="stylesheet" href="resources/css/Common.css" type="text/css">
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script src="resources/js/Common.js"></script>
</head>
<body>
<header>
<div id="actionsMenu">
<ul id="actionLinks">
<li><a class="linkButtons" id="userNameLink">
<%
System.out.println(session.getMaxInactiveInterval());
if(session.getAttribute("username") != null){
out.println(session.getAttribute("username"));
}else{
out.println("no user");
/*
response.setStatus(response.SC_MOVED_TEMPORARILY);
response.setHeader("Location", "index.jsp");*/
}
%>
</a></li>
<li><a class="linkButtons" href="Logout">Log Out</a></li>
<li><a class="linkButtons" href="#">Update</a></li>
</ul>
</div>
</header>
<nav class="tabs">
<section id="generateSection">
<h2 class="selectedTab" id="generateTab">
<a id="gene" href="#generateXML">Generate XML</a>
</h2>
<div class="selectedContent" id="generateNav">
<ul id="links">
<li><a class="navLink" href="#graphic">Graphic Interface</a></li>
<li><a class="navLink" href="#xml">XML Interface</a></li>
</ul>
</div>
</section>
<section id="adminSection">
<h2 class="normalTab" id="adminTab">
<a href="#admin">Admin</a>
</h2>
<div class="normalContent" id="adminNav">
<ul id="links">
<li><a class="navLink" href="#images">Manage Images</a></li>
<li><a class="navLink" href="#keywords">Manage Keywords</a></li>
<li><a class="navLink" href="#users">Manage Users</a></li>
</ul>
</div>
</section>
</nav>
<div id="content">
<noscript><p id="javascriptError">This website requires JavaScript to be enabled.</p></noscript>
</div>
<div id="updateUserDetails"></div>
<div id="popup">
<input type="button" value="X" id="exitButton">
<p class="pageTitle" style="float:left; margin:0px;">Update Details</p>
<form id="updateForm" action="Update" onsubmit="return updateValidation()" method="post" >
<p id="user">Username :</p>
<p id="userNameUpdate"><%
if(session.getAttribute("username") != null){
out.println(session.getAttribute("username"));
}%></p>
<p class="error" id="updCurrentPwdErr">
<%
Cookie[] currentPassEror = null;
currentPassEror = request.getCookies();
if(currentPassEror != null){
for(int i = 0; i < currentPassEror.length; i++){
Cookie cookie = currentPassEror[i];
if(cookie.getName().equals("updCurrentPwdErrCookie")){
out.println(cookie.getValue());
cookie.setMaxAge(0);
response.addCookie(cookie);
}
}
}
%>
</p>
<label for="updCurrentPwdLbl">Current Password :</label>
<br />
<input type="password" name="updCurrentPwd" id="updCurrentPwd">
<br />
<p class="error" id="updNewPwdErr">
<%
Cookie[] newPassCookies = null;
newPassCookies = request.getCookies();
if(newPassCookies != null){
for(int i = 0; i < newPassCookies.length; i++){
Cookie cookie = newPassCookies[i];
if(cookie.getName().equals("updNewPwdErrCookie")){
out.println(cookie.getValue());
cookie.setMaxAge(0);
response.addCookie(cookie);
}
}
}
%></p>
<label for="updNewPwdLbl">New Password :</label>
<br />
<input type="password" id="updNewPwd" name="updNewPwd">
<br />
<p class="error" id="updReNewPwdErr">
<%
Cookie[] reNewPassCookies = null;
reNewPassCookies = request.getCookies();
if(reNewPassCookies != null){
for(int i = 0; i < reNewPassCookies.length; i++){
Cookie cookie = reNewPassCookies[i];
if(cookie.getName().equals("updReNewPwdErrCookie")){
out.println(cookie.getValue());
cookie.setMaxAge(0);
response.addCookie(cookie);
}
}
}
%>
</p>
<label for="updReNewPwdLbl">Re-Enter New Password :</label>
<br />
<input type="password" id="updReNewPwd" name="updReNewPwd">
<br />
<p class="error" id="updEmailErr">
<%
Cookie[] emailErrCookies = null;
emailErrCookies = request.getCookies();
if(emailErrCookies != null){
for(int i = 0; i < emailErrCookies.length; i++){
Cookie cookie = emailErrCookies[i];
if(cookie.getName().equals("updEmailErrCookie")){
out.println(cookie.getValue());
cookie.setMaxAge(0);
response.addCookie(cookie);
}
}
}
%>
</p>
<label for="updEmailLbl">Email :</label>
<br />
<input type="text" id="updEmail" name="updEmail" value="<%
boolean foundEmailCookie = false;
Cookie[] emailCookies = null;
emailCookies = request.getCookies();
if(emailCookies != null){
for(int i = 0; i < emailCookies.length; i++){
Cookie cookie = emailCookies[i];
if(cookie.getName().equals("updEmailCookie")){
foundEmailCookie = true;
out.println(cookie.getValue());
cookie.setMaxAge(0);
response.addCookie(cookie);
}
}
}
if(!foundEmailCookie){
if(session.getAttribute("email") != null){
out.println(session.getAttribute("email"));
}
}
%>">
<input type="hidden" id="updUrl" name="updUrl" value="">
<br />
<input type="submit" value="UPDATE">
</form>
</div>
</body>
</html>
563
The session-timeout element defines the default session timeout interval for all sessions created in this web application. The specified timeout must be expressed in a whole number of minutes.
To invalidate a session manually, call the following method: session. invalidate();
xml file for Tomcat specifies how long an Administration Console session can remain inactive before the session times out and the administrator must authenticate again. The default value is 30 minutes. Open the web. xml file in a text editor and search for the <session-timeout> parameter.
Session timeout hierarchy:
The order of the session timeout configuration:
HttpSession.setMaxInactiveInterval(int) > $WebApplication/webapp/WEB-INF/web.xml > $TOMCAT_HOME/conf/web.xml
Each subsequent entry overrides the above configuration.
Best regards.
150
The web.xml should be directly in WEB-INF, not in WEB-INF/lib.
23
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
