Loading...
Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon
TUTORIAL

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

navigate automatically to logoutUrl on session timeout

Michael Grove
9 years ago May 07, 2012 6:22pm

hi,

i'm trying to figure out how to redirect the browser back to the login page on a session timeout. more generally, on a session timeout, communication error, internal error, or out of sync error, i'd like to navigate to spring's /j_spring_security_logout handler, which will take the user back to the login screen.

i'm using vaadin 6.7.8 with jboss 7.0.2. i'm also using spring security.

in my application class, i have the following constants

private static final String LOGOUT_URL = "/j_spring_security_logout";
private static final String APP_CONTEXT_PATH = "/app";
private static final String FULL_LOGOUT_URL = APP_CONTEXT_PATH + LOGOUT_URL;

in my application's init() method, i have

String appContextPath = ((WebApplicationContext)getContext()).getHttpSession().getServletContext().getContextPath();
setLogoutURL(appContextPath + LOGOUT_URL);

in my application class, i've written the following getSystemMessages method

public static SystemMessages getSystemMessages() {
CustomizedSystemMessages m = new CustomizedSystemMessages();
m.setSessionExpiredNotificationEnabled(false);
m.setSessionExpiredURL(FULL_LOGOUT_URL );
m.setCommunicationErrorNotificationEnabled(false);
m.setCommunicationErrorURL(FULL_LOGOUT_URL );
m.setInternalErrorNotificationEnabled(false);
m.setInternalErrorURL(FULL_LOGOUT_URL );
m.setOutOfSyncNotificationEnabled(false);
m.setOutOfSyncURL(FULL_LOGOUT_URL );
return m;
}

and to help with debugging, i've overridden Application.close()

@Override
public void close() {
super.close();
}

if i force a CommunicationError (e.g. i take down JBoss while a browser has loaded the app, then perform an action in the browser that requires server communication) i see the browser navigate as expected to the FULL_LOGOUT_URL .

i also have a 'Sign Out' button in my app, which when clicked calls getApplication().close(). as part of this processing, i see the client redirected to the logoutUrl (AbstractCommunicationManager.endApplication() makes this happen)..

on a session timeout, Application.close() is called, as i expect. but we never redirect the client to logoutUrl or FULL_LOGOUT_URL. AbstractCommunicationManager.endApplication() is not called. if the user attempts to use the application in a browser after the session has timed out (e.g. they click something that makes a backend call), we'll get a CommunicationError, which will force the user back to the FULL_LOGOUT_URL . but i'd like the client to automatically be taken to FULL_LOGOUT_URL (or logoutUrl) on a session timeout, without manual interaction required.

is there a way to accomplish this?

ideally i'd like the client to 'know' it was a session timeout (and not any old CommunicationError) so that i can include a message like 'Your session timed out' on the login screen. but at least initially, if i can make the app navigate back to logoutUrl/FULL_LOGOUT_URL without the user having to click something, that'd be great.

thanks.

-mike

Last updated on May, 7th 2012
Steve Berube
9 years ago May 29, 2012 12:58pm
Tobias Demuth
9 years ago May 30, 2012 5:19pm
Michael Grove
9 years ago Jun 05, 2012 7:46pm
Tobias Demuth
9 years ago Jun 06, 2012 12:03pm
Bobby Bissett
9 years ago Jun 11, 2012 5:40pm
Henri Sara
9 years ago Jun 12, 2012 7:08am
anto praveen fathima xavier
7 years ago May 19, 2014 3:10pm