C
Carl Howells
I'm using Tomcat 5.0.16. I'm using Realm based security for authentication of users.
I'm using form-based authentication. This means that the the authentication lasts
while the user's session stays valid. This is the effect I want, as I want to be
able to log someone out just by using HTTPSession.invalidate().
However, it leaves me in a bit of a predicament when the session times out. Because
it's container managed security, if the user has been sitting at a protected page the
whole time, then refreshes, they'll be sent directly to the login page again, rather
than being told that their session timed out (or whatever message I'd use.) What I'd
like to do is have the login form at least tell them that they have to log in again
because they were inactive too long. Is there any way to do this while using
container managed security?
I'm using form-based authentication. This means that the the authentication lasts
while the user's session stays valid. This is the effect I want, as I want to be
able to log someone out just by using HTTPSession.invalidate().
However, it leaves me in a bit of a predicament when the session times out. Because
it's container managed security, if the user has been sitting at a protected page the
whole time, then refreshes, they'll be sent directly to the login page again, rather
than being told that their session timed out (or whatever message I'd use.) What I'd
like to do is have the login form at least tell them that they have to log in again
because they were inactive too long. Is there any way to do this while using
container managed security?