Announcement Announcement Module
No announcement yet.
execute additional code on session timeout Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • execute additional code on session timeout


    is there a way of executing additional code when a page has been requested, but the session has timed out?
    I have configured my application to redirect the user to the login page using the invalid-session-url attribute of the session-management tag. But i need to delete user specific pictures in this case, so it would be nice if there exists a way similar to this one (which does not work, because it seems that the user is logged out already when session expired):
    Mapping the invalid-session-url to a controller, there I could handle this case and add some necessary code. I would logout the user and invalidate the session manually.

    Any ideas?

  • #2
    Session-timeout is controlled by the servlet container. Use an HttpSessionListener if you want to do something when the session is destroyed.


    • #3
      OK this works, but I need the Authentication object of the current SecurityContext, which seems to be null already, when the sessionDestroyed method is called. I hope there is a way for this?


      • #4
        The sessionDestroyed method is not called in response to a user request, so there won't be any thread-local security context available. You will need to read the information directly from the session attribute.

        Either that or cache whatever information your application needs separately in the session under your own attribute name.


        • #5
          thank you, I can get the SecurityContext out of the session via calling getAttribute("SPRING_SECURITY_CONTEXT"). Then I can access my custom userdetails object, too.

          Thank you for your help