We have a GWT app that is deployed on Tomcat. On the server, we have set a timeout of 1 minute
At the client-side, we set a few cookies with a timeout value of 1 minute as well. After 1 minute, we notice that the client-side cookies are removed; However the JSESSIONID set by the servlet container(jetty/tomcat) is still present in the client.
On Session timeout, our user wants us to throw an alert/message dialog to alert him/her that the session has timed out and the user should log in to the server again. It appears that we need a a client-side callback on the timeout — is there an API that we can call to set a callback on Session Timeout ?
As of now, if the user hits the server with an expired session, we do tell him that the session has expired; However the Customer wants us to prevent “lost changes” by alerting the user that the session has timed out( without wasting time on editing any of the client-side data and then submitting to finding out that the session has timed out — lost changes!)
What are other ways of dealing with the situation ?
We have done it our GWT application where the users are warned before the session expires
- We have every client request to go through LoggingAsyncHandler (We extend each async call with this)
- In LoggingAysyncHandler we set timer (A Timer class from GWT) which is little less than the session time out so if there is no activity until this time we pop up a message to the client: “Would you like to continue” if they press ok we reset the timer and make a dummy call to server which resets the session time out as well.
Hope it helps!
Alternatively, you could have your GWT client periodically send pings to the server to check whether the session is still available, but this will result in a lot of needless HTTP requests and will be less efficient.
If your application has a web.xml file add this to the webapp portion
<session-config> <session-timeout>30</session-timeout> </session-config>
This is the server side timeout of sessions in minutes
*Edit – since the Idea of this seems to be lost with some readers.
If the user tries to hit the server with an expired session, they can be redirected to the login page as the original poster had asked. There is no reason the front end has to send a callback to the server when the cookie expires. If the user does not send a sessionID, they go to the login screen. If they send a session ID to the server which has expired, send them to the login page. The pop-up message can be handled in the front end