Announcement Announcement Module
Collapse
No announcement yet.
session expiry and logout Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • session expiry and logout

    I'm using spring portlet for developing my social networking portal.

    I'm not quite sure how to handle session expiry case. Once the user logs in, i'm creating User object and putting it to session. Once the user clicks logout, i will invalidate the session.

    Once user logs out, if he clicks on Back button on the browser it takes to the previous page with NullPointerException.

    How to avoid this NullPointerException and gracefully take the user back to login screen?

    Any help in this regard is highly appreciated.

    Thank you.

  • #2
    This depends on your portal. In essence when you logout from your portal, if the user tries to go back to an authenticated page then the portal should block this and redirect them to the login page - your spring portlets should never receive the request.

    Comment


    • #3
      Thanks Chris for the reply.

      I didn't get how to implement your suggestion in my code. How to redirect to a different page .... i tried redirect in a SImpleFormController and it's giving IllegalStateException .... something like that.

      I'm checking the User object which i stored in session upon successful login in every page. If that object is null, can i forward to different page? BUt how can do that in my code?

      Can you please elaborate?

      Comment


      • #4
        Have you think about Spring Security? You can simply add it into you application and don't worry about session and similar things...

        Comment


        • #5
          Hi alprimak,

          Thanks for the reply. Sure to try that one.

          Is there any sample program available using spring security ? If so, pls mention where it is available. B'coz my portal ia almost done and lack these functionalities. So, i want to try it out on sample program and then implement on my actual portal. It will be a great help to me.

          Thanks again,

          Comment


          • #6
            So you had solve your problem..

            Comment


            • #7
              Originally posted by laxmiraghu View Post
              Hi alprimak,

              Thanks for the reply. Sure to try that one.

              Is there any sample program available using spring security ? If so, pls mention where it is available. B'coz my portal ia almost done and lack these functionalities. So, i want to try it out on sample program and then implement on my actual portal. It will be a great help to me.

              Thanks again,
              You are welcome. With Spring Security distrib available on the site you can find 2 sample app, also i would like to recommend for you "Spring in Action 2nd edition". As for me, this is great book. Note, Acegi Security is described in it. But, it's not so bad for understanding how Spring Security works.

              Comment


              • #8
                Just Curious:

                Is there a way to redirect to login page when the user session expires? I mean, after using the portal and logout, if user clicks BACK button, can we redirect the user to Login page again? Currently i'm getting NullPointerException.

                I have the book - Spring In Action 2nd Edition. I read little bit on securing web application. Looks like there is bit of code change required.

                Please advice.

                Comment


                • #9
                  Are you building portlets that run in an existing portal platform or are you building a portal platform on top of a portlet container and then deploying portlets into it?

                  If you can tell us more about the specific stack of technologies you are using, we might be able to give more concrete advice on how to proceed on this issue.

                  This specific problem is something the portal should handle, and is not something portlets should worry about.

                  Comment


                  • #10
                    Thanks John for the reply.

                    I'm using portlets that run on existing platorm. I've developed portlets using spring portlet MVC (spring version 2.5.5) and deployed onto jetspeed 2.1.3 portal server on a linux box.

                    Everything works just fine except for the case where user clicks Back button after he logged out from portal. In which case, it displays NullPointerException.

                    Actually once the user successfully log into portal, i'm creating a User object which contains user information and put it into session. When the user go to any other page after logging in, i take this User object from session for displaying who is the logged in user on the header of every page. Once the user logs out, i set this user object to 'null' and invalidate the session. After user logs out and in case, if he clicks Back button, page displays 'NullPointerException'. Here, instead of NullPointerException, i would like to redirect the user to login page.

                    How to achieve this? Please help.

                    Thank you so much.

                    Comment


                    • #11
                      Sounds like a Jetspeed issue to me. I'd raise this on their mailing list.

                      Comment

                      Working...
                      X