4 Replies Latest reply on Mar 13, 2007 7:32 PM by ishabalov

Session Expired Handling with Ajax4jsf

kfletcher2005 Mar 13, 2007 2:19 PM

I have read from the documentation a cryptic example of how to handle http session expiration using ajax4jsf.

Here is the only snippet from the documentation.....
--------------------------------------------------------
Beginning with Ajax4jsf version 1.0.5 it's possible to redefine also the "onExpired" framework method that is called on the "Session Expiration" event.

A4J.AJAX.onExpired = function(loc,expiredMsg){

// Custom Developer Code
alert("Hey dude, the session expired");

};

Here the function receives in params:

* loc - URL of the current page (on demand can be updated)
* expiredMsg - a default message on "Session Expiration" event.

Note:
Until the version 1.0.5 the method can't be redefined on "Session Expiration" , a confirmation dialog with request for view reloading was always called.

------------------------------------ End of snippet.

I put this javascript in my jsp, and put in an alert to see if the session expiration event was captured. I set my session expiration to 1 minute in my web.xml. But the alert never popped up. Does anyone have a real life example how to handle the session expiration using ajax4jsf? I would expect the browser to send a session expiration event to be fired, and the above said script to be invoked upon that event, and then popup the alert message.

In the interim, I have found a quick and easy way to handle session expiration, and redirect the user to the login screen without ajax4jsf....

add this to the head tag...

<meta http-equiv="refresh" content="<%=session.getMaxInactiveInterval()%>;url=/login.jsf">

1. Re: Session Expired Handling with Ajax4jsf

sergeysmirnov Mar 13, 2007 5:52 PM (in response to kfletcher2005)

same as http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4027713#4027713
Actions
2. Re: Session Expired Handling with Ajax4jsf

harnishg Mar 13, 2007 6:52 PM (in response to kfletcher2005)

That's helpful. So if I follow correctly to get the page to function like he wants, he could add an a4j:poll to the page, having it poll some random data and, on expiration of the session, it would conduct the proper action.
Actions
3. Re: Session Expired Handling with Ajax4jsf

sergeysmirnov Mar 13, 2007 7:26 PM (in response to kfletcher2005)

if you post a poll to the server just 10 sec. before the expiration, the session timeout will start over. If the request misses the session timeout, onExpired will be invoked where the redirection to the '/login.jsf" happens.
However, I do not see why it is better than <meta http-equiv> mentioned above. If we need to keep the session alive while user does nothing but browser is open, the a4j:poll is helpful
Actions
4. Re: Session Expired Handling with Ajax4jsf

ishabalov Mar 13, 2007 7:32 PM (in response to kfletcher2005)

And your poll will successfully prevent your session from expiration :-)

So, to be able to "verify" if session still valid on server from browser is not actually a simple task. The trick is to be able to make server call without associating current session with it. and be able to verify "validity" of that session.

Best,
Igor.
Actions

Go to original post