Ran across a question on LinkedIn today and thought the answer belonged here as well…
Q: (paraphrased for grammar) How to automatically redirect to the login page after a session time out?
A: Assuming that there is a security session that is separate from your server session, you can add a hidden AJAX component that checks every n seconds and redirects when the session is closed. When you do this, your keep-alive call needs an appended parameter that is incremented or changed randomly each time; otherwise you may get a cached response from the browser and miss that magic time-out moment.
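A sketch of the polling check described above, added here as an example and not code from the original answer. `STATUS_URL`, `LOGIN_URL` and `createSessionWatcher` are hypothetical names, and the status endpoint is assumed to live on the separate security-session server and return 200 only while that session is open.

```javascript
// Added example: STATUS_URL, LOGIN_URL and createSessionWatcher are hypothetical names.
const STATUS_URL = "https://sso.example.com/session/status"; // assumed security-session endpoint
const LOGIN_URL = "/login";                                   // assumed login page

// Append a value that changes on every call so the browser cannot answer from cache.
function cacheBustedUrl(base, counter) {
  const url = new URL(base);
  url.searchParams.set("_", `${counter}-${Date.now()}`);
  return url.toString();
}

// fetch and redirect are injected so the logic also runs outside a browser.
// In a page: createSessionWatcher({ fetch: window.fetch.bind(window),
//                                   redirect: (u) => window.location.assign(u) }).start();
function createSessionWatcher({ fetch, redirect, intervalMs = 30000 }) {
  let counter = 0;
  let timer = null;

  function stop() { clearInterval(timer); timer = null; }
  function start() { if (!timer) timer = setInterval(checkOnce, intervalMs); }

  async function checkOnce() {
    counter += 1;
    let res;
    try {
      res = await fetch(cacheBustedUrl(STATUS_URL, counter), {
        method: "GET",
        cache: "no-store",      // second guard next to the changing parameter
        credentials: "include", // send the security-session cookie to the other server
        redirect: "manual",     // a bounce to a login form must not be read as "alive"
      });
    } catch (err) {
      return "unknown";         // network error: keep polling, do not force a logout
    }
    if (res.status === 200) return "alive";
    stop();                     // anything else (401, 403, opaque redirect) means closed
    redirect(LOGIN_URL);
    return "expired";
  }

  return { checkOnce, start, stop };
}
```

Point this only at the separate security session: polling the application's own session endpoint would reset its idle timer on every check.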
If you need to know if the session of the same application on the same server has timed out, there is a chicken-and-egg paradox: any call to the server to check if the session is still alive will keep the session alive, so it will never time out. I’ve heard of applications that have worked around this, but have not had to research it, as the requirement always resolved to a security session timing out that lived on another server (as described in the first paragraph), or simply having the page go to the login page on the next click after the timeout was acceptable.
To go to the login page after the next click in a timed out session, simply fill in the security node of your web.xml completely and the web server will do the rest.
© Scott S. Nelson
This question came up on LinkedIn today, and I thought I would post my response to it here for those that don’t belong (and if you don’t and you are reading this blog, you probably should):
I read the question as one about outsourcing, and I see many responses about off-shoring. I’ll give my 2 cents on both, and you can owe me a nickel including tip.
Outsourcing is a way to mitigate risk for mission critical goals. The mitigation is in two forms. The first is, outsourcing to experts provides the perceived safety that the job will get done correctly. The perception is right about half the time (in my experience).
The other form of risk mitigation is the ability to place the blame for any failure on the vendor. As a vendor, I know that the likelihood of this being the reason for outsourcing increases with the number of people involved in the decision.
Off-shoring is a mixed bag. There are some companies that are really good, and some that are not. There are individuals within companies that are really good, and many that are not. In other words, on one level there is no difference between offshore and outsourcing.
On another level, there is the communication gap that is unavoidable due to both cultural and temporal differences. There are some companies that try to offset the temporal differences by having teams that work hours that coincide with US business hours. Anyone who has ever used 24-hour services knows that the best and brightest rarely work in the wee hours, and those that do are still not at the top of their game.
Off-shoring works great for both parties far more often if the requirements are crystal clear and fairly static. Otherwise, your mileage will vary. Since the successes are a huge boost to ROI, they are well publicized and very motivating. The much more frequent failures are kept low key to protect careers.
And, as Dennis Miller often said: “But that’s just my opinion…I could be wrong”