Search code examples
jsfsession-timeoutmanaged-bean

How to prevent managedBean session times out?

I'm working on JEE 6 projet where the client need sometimes to prevent the session from times out. I want to use a Boolean Check Box to allow the ever user to Stay connected or not like he wants.

I am tempted by the following technique, where myType must be : client or server ;

<context-param>
  <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
  <param-value>#{mySession.myType}</param-value>
</context-param>
Solution

  • I've solved this problem in other way :

    1. I've not use javax.faces.STATE_SAVING_METHOD
    2. In my web.xml i've used : session-timeout = 20
    3. In my loginForm
    4. i've changed the action form from j_security_check To j_security_check.jsp by creating a jsp file.
    5. i've added in the login form a checkbox to know if the user want to stay connected or not.
    6. In my managedBean i check the KEEP_CONNECT value, to disable timeOut until the manual deconnexion : userSession.setMaxInactiveInterval(-1); Or to keep this session more long (2 Hours) : userSession.setMaxInactiveInterval(7200);

    The review :

    web.xml

    <session-config\> <session-timeout>20</session-timeout> </session-config>

    loginForm

    <form method=post action="/j_security_check.jsp" > <input type="text" name= "j_username" > <input type="password" name= "j_password" > <input type="checkbox" name="j_remember" /> </form>

    j_security_check.jsp

    //Have we already authenticated someone ?
    if (request.getUserPrincipal() == null) {

        String j_username = request.getParameter("j_username");
        String j_password = request.getParameter("j_password");
        String j_remember = request.getParameter("j_remember");

        try {

            request.login(j_username, j_password);

            if("on".equals(j_remember)){
                session.setAttribute(KEEP_CONNECT, true);
            } else {
                session.setAttribute(KEEP_CONNECT, false);
            }

            logger.debug("Authentication of '" + request.getUserPrincipal() + "' was successful.");
            response.sendRedirect(request.getContextPath() +HOME_PAGE);
        } catch (Exception ex) {
            logger.error(ex,"Authentication failed.");
            response.sendRedirect(request.getContextPath() + ERROR_PAGE);
        }

    } else {
        logger.debug("Already authenticated '" + request.getUserPrincipal() + "'.");
        response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
    }

    SessionManagedBean

    private void initTimeOut() {
        String login          =           FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal().getName();
        boolean keepConnected = (boolean) FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get(KEEP_CONNECT);

        logger.debug(login + " IN > " + userSession.getMaxInactiveInterval());
        logger.debug(" keepConnected ? = " + keepConnected);

        if (keepConnected) {
            //keep this session and disable timeOut until the manual deconnexion
            userSession.setMaxInactiveInterval(-1);
        }

        logger.debug(login + " OUT > " + userSession.getMaxInactiveInterval());
}