How to specify a error page for session-timeout in web.xml?

Code 408 is not for session timeout. It is for when the request is not completed in time.

Hello!

I think you are right!
I found this:
http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Perhaps there is no code for a session time out at this level?

Best regards
Fredrik

If the session is timed out I would expect the user to be redirected to the login pages instead of getting an error page.

Hello!

Actually there is no log in page, jsu som stuff saved in the session.
If the user is inactive to long we would like the session to expire.
If the user then become active again, then it would be great with a page telling him that the session has expired.

If you got any idea, it is most welcome!

Best regards
Fredrik

Code:

package test;

import java.io.*;

import javax.servlet.*;
import javax.servlet.http.*;

public class ExpSesFilter implements Filter {
    public void init(FilterConfig filterConfig) {
    }
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse resp = (HttpServletResponse)response;
        HttpSession ses = req.getSession();
        if(ses.isNew()) {
            Cookie[] allc = req.getCookies();
            boolean fnd = false;
            if(allc != null) {
                for(Cookie c : allc) {
                    if(c.getName().equals("FILTER_MARK")) {
                        fnd = true;
                        break;
                    }
                }
            }
            if(fnd) {
                req.setAttribute("TIMEOUT_MARK", "Yes");
            } else {
                Cookie c = new Cookie("FILTER_MARK", "Yes");
                c.setMaxAge(-1);
                resp.addCookie(c);
            }
        }
        chain.doFilter(request, response);
    }
    public void destroy() {
    }
}

web.xml fragment:

    <filter>
        <filter-name>Expired Session Filter</filter-name>
        <filter-class>test.ExpSesFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>Expired Session Filter</filter-name>
        <servlet-name>*</servlet-name>
    </filter-mapping>

JSP or servlet:

request.getAttribute("TIMEOUT_MARK")

will tell you whether it was a timeout.

(you could also let the filter redirect, but maybe just a little notice on the page the user wants is better)

Hello Arne!

What can I say, really elegant solution!
Time after time I just "state" you are playing in such an other division then me, the "eksperts"!
It took some time for me to understand your solution, but now I think I get it!

Btw I have never used Filters before and I do have to say that I have not used this iteration either over a list:
for(Cookie c : allc)
...really inspiring!

Before I saw your solution I just tested if(ses.isNew()) in the ActionClass, and then told Struts to forward to an error page.

But correct me if I'm wrong when I now say (if I understand this correct) that ses.isNew() is actually not enough, since I also found this in the doc:

"Returns true if the client does not yet know about the session or if the client chooses not to join the session. For example, if the server used only cookie-based sessions, and the client had disabled the use of cookies, then a session would be new on each request."

...Must remember to do some more reading before using ...

Once again most thankful for a such a nice solution!
Feel stupid I just put 30 points to this, but please give a "svar" so I can give some reward at least!

Best regards
Fredrik

Filters can be very practical.

The new for loop is just the Java way of doing foreach that was introduced in Java 1.5. Nothing special about that. I could just as well have used an oldfashioned for loop.

The logic in my code is based on:
  - isNew() returns true => the server does not have a session
  - cookie present => a valid session existed earlier

It is somewhat a hack, but given the rather unusual requirements, then I think it has to be that way.