How to configure Session timeout in jsf

How to Configure Session Timeout in jsf

How to Configure Session Timeout in jsf

Step 1.Create Listener Class such as MySessionListener.java

package com.session;

public class MySessionListener implements HttpSessionListener {
public MySessionListener() {
}
public void sessionCreated(HttpSessionEvent event) {
System.out.println("Current Session created : "+ event.getSession().getId() + "at "+ new Date());
}
public void sessionDestroyed(HttpSessionEvent event) {
// get the destroying session…

HttpSession session = event.getSession();
System.out.println("Current Session destroyed :" + session.getId() + "Logging out user");
/*
* nobody can reach user data after this point because session is invalidated already.
* So, get the user data from session and save its logout information
* before losing it.
* User’s redirection to the timeout page will be handled by the SessionTimeoutFilter.
*/
// Only if needed
try {
prepareLogoutInfoAndLogoutActiveUser(session);
} catch(Exception e) {
System.out.println("Error while logging out at session destroyed : " + e.getMessage());
}
}
/**
* Clean your logout operations.
*/
public void prepareLogoutInfoAndLogoutActiveUser(HttpSession httpSession) {
// Only if needed
}
}



Step 2.Create Filter Class SessionTimeoutFilter.java

package com.session;



/**
*When the session destroyed, MySessionListener will do necessary logout operations.
* Later, at the first request of client, this filter will be fired and redirect
* the user to the appropriate timeout page if the session is not valid.
*/


public class SessionTimeoutFilter implements Filter {
// This should be your default Home or Login page
// "login.index" if you use Jboss Seam otherwise "login.jsf" / "login.xhtml" or whatever
private String timeoutPage = "/LOG001.jsf";
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
if ((request instanceof HttpServletRequest) && (response instanceof HttpServletResponse)) {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
// is session expire control required for this request?

if (isSessionControlRequiredForThisResource(httpServletRequest)) {
// is session invalid?

if (isSessionInvalid(httpServletRequest)) {
String timeoutUrl = httpServletRequest.getContextPath() + "/" + getTimeoutPage();

System.out.println("Session is invalid! redirecting to timeoutpage : " + timeoutUrl);

httpServletResponse.sendRedirect(timeoutUrl);
return;
}
}
}
filterChain.doFilter(request, response);
}

/*
* session shouldn’t be checked for some pages. For example: for timeout page..
* Since we’re redirecting to timeout page from this filter,
* if we don’t disable session control for it, filter will again redirect to it
* and this will be result with an infinite loop…
*/

private boolean isSessionControlRequiredForThisResource(HttpServletRequest httpServletRequest) {
String requestPath = httpServletRequest.getRequestURI();
boolean controlRequired = !StringUtils.contains(requestPath, getTimeoutPage());
return controlRequired;
}
private boolean isSessionInvalid(HttpServletRequest httpServletRequest) {
boolean sessionInValid = (httpServletRequest.getRequestedSessionId() != null)
&& !httpServletRequest.isRequestedSessionIdValid();
return sessionInValid;
}
public void destroy() {
}

public String getTimeoutPage() {
return timeoutPage;
}
public void setTimeoutPage(String timeoutPage) {
this.timeoutPage = timeoutPage;
}
}

Step -3

1. Put jar file commons-lang-2.4 into lib folder
2. Change web.xml file

<filter>
<filter-name>SessionTimeoutFilter</filter-name>
<filter-class>com.session.SessionTimeoutFilter</filter-class>
</filter>


<filter-mapping>
<filter-name>SessionTimeoutFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>



<listener>

<listener-class>com.session.MySessionListener</listener-class>
</listener>