How to override the SessionManagement filter for expired sessionsGet Session to expire gracefully in ASP.NETHow do I expire a PHP session after 30 minutes?Handling 'session expired' in JSF web application, running in JBoss AS 5How to expire session due to inactivity in Django?Transfer session across server in PHPSession Cookie Not Expiring in AndroidNode session cookie that expiresChecking session expiration in the browserhow to programmatically invalidate a session using spring securityHow to determine if a user's session has expired

Entering the US with dual citizenship but US passport is long expired?

Are there mathematical concepts that exist in the fourth dimension, but not in the third dimension?

Where on Earth is it easiest to survive in the wilderness?

How should Thaumaturgy's "three times as loud as normal" be interpreted?

Could this estimate of the size and mass of the Chicxulub Impactor be accurate?

What is the purpose of the rotating plate in front of the lock?

In-universe, why does Doc Brown program the time machine to go to 1955?

What drugs were used in England during the High Middle Ages?

Why did Boris Johnson call for new elections?

How to interpret or parse this confusing 'NOT' and 'AND' legal clause

"syntax error near unexpected token" after editing .bashrc

Do I need to declare engagement ring bought in UK when flying on holiday to US?

Opportunity profits vs. opportunity costs

How do I use NEC PC-6001 .p6 or .cas files?

Are language and thought the same?

How does the UK House of Commons think they can prolong the deadline of Brexit?

Why would image resources loaded from different origins triggering HTTP authentication dialogs be harmful?

How could a planet have one hemisphere way warmer than the other without the planet being tidally locked?

Why would one hemisphere of a planet be very mountainous while the other is flat?

What does it mean to count a group of numbers with their multiplicity?

How do I make my fill-in-the-blank exercise more obvious?

Why does the UK Prime Minister need the permission of Parliament to call a general election?

Is there some sort of French saying for "a person's signature move"?

Fantasy Military Arms and Armor: the Dwarven Grand Armory



How to override the SessionManagement filter for expired sessions


Get Session to expire gracefully in ASP.NETHow do I expire a PHP session after 30 minutes?Handling 'session expired' in JSF web application, running in JBoss AS 5How to expire session due to inactivity in Django?Transfer session across server in PHPSession Cookie Not Expiring in AndroidNode session cookie that expiresChecking session expiration in the browserhow to programmatically invalidate a session using spring securityHow to determine if a user's session has expired






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








0















So I will try and summarize the best way I know possible:



1) Tomcat session expiry is 20 minutes



2) User makes a request and gets a sessionID 123



3) User goes on break



4) User comes back and clicks on a link in app



5) Tomcat removes session so session id is invalid



Now what I want to happen is call the invalidSessionStrategy hook to clear the sessionID out of the cookie and return a 401 to my Angular code to prompt user for feedback to continue.



The problem that I am having is this code in the SessionManagementFilter:



if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) 
if (this.logger.isDebugEnabled())
this.logger.debug("Requested session ID " + request.getRequestedSessionId() + " is invalid.");


if (this.invalidSessionStrategy != null)
this.invalidSessionStrategy.onInvalidSessionDetected(request, response);
return;




Since Tomcat expired the Session and the session id is no longer there, the getRequestedSessionId() !== null will return false and bypass my hook.



The isRequestedSessionIdValid() already checks to see if the getRequestedSessionId() is null and if so returns false. That first check getRequestedSessionId() is preventing me from getting the invalidSessionStrategy call back.



Has anyone experienced this? I have tried to subclass but cannot because of the private members..Does anyone else have any ideas?



Thank you so much in advance!










share|improve this question


























  • Since Tomcat expired the Session and the session id is no longer there, the getRequestedSessionId() !== null will return false That's wrong, see getRequestedSessionId It returns the session ID from client's cookie.

    – dur
    Mar 28 at 8:23


















0















So I will try and summarize the best way I know possible:



1) Tomcat session expiry is 20 minutes



2) User makes a request and gets a sessionID 123



3) User goes on break



4) User comes back and clicks on a link in app



5) Tomcat removes session so session id is invalid



Now what I want to happen is call the invalidSessionStrategy hook to clear the sessionID out of the cookie and return a 401 to my Angular code to prompt user for feedback to continue.



The problem that I am having is this code in the SessionManagementFilter:



if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) 
if (this.logger.isDebugEnabled())
this.logger.debug("Requested session ID " + request.getRequestedSessionId() + " is invalid.");


if (this.invalidSessionStrategy != null)
this.invalidSessionStrategy.onInvalidSessionDetected(request, response);
return;




Since Tomcat expired the Session and the session id is no longer there, the getRequestedSessionId() !== null will return false and bypass my hook.



The isRequestedSessionIdValid() already checks to see if the getRequestedSessionId() is null and if so returns false. That first check getRequestedSessionId() is preventing me from getting the invalidSessionStrategy call back.



Has anyone experienced this? I have tried to subclass but cannot because of the private members..Does anyone else have any ideas?



Thank you so much in advance!










share|improve this question


























  • Since Tomcat expired the Session and the session id is no longer there, the getRequestedSessionId() !== null will return false That's wrong, see getRequestedSessionId It returns the session ID from client's cookie.

    – dur
    Mar 28 at 8:23














0












0








0








So I will try and summarize the best way I know possible:



1) Tomcat session expiry is 20 minutes



2) User makes a request and gets a sessionID 123



3) User goes on break



4) User comes back and clicks on a link in app



5) Tomcat removes session so session id is invalid



Now what I want to happen is call the invalidSessionStrategy hook to clear the sessionID out of the cookie and return a 401 to my Angular code to prompt user for feedback to continue.



The problem that I am having is this code in the SessionManagementFilter:



if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) 
if (this.logger.isDebugEnabled())
this.logger.debug("Requested session ID " + request.getRequestedSessionId() + " is invalid.");


if (this.invalidSessionStrategy != null)
this.invalidSessionStrategy.onInvalidSessionDetected(request, response);
return;




Since Tomcat expired the Session and the session id is no longer there, the getRequestedSessionId() !== null will return false and bypass my hook.



The isRequestedSessionIdValid() already checks to see if the getRequestedSessionId() is null and if so returns false. That first check getRequestedSessionId() is preventing me from getting the invalidSessionStrategy call back.



Has anyone experienced this? I have tried to subclass but cannot because of the private members..Does anyone else have any ideas?



Thank you so much in advance!










share|improve this question
















So I will try and summarize the best way I know possible:



1) Tomcat session expiry is 20 minutes



2) User makes a request and gets a sessionID 123



3) User goes on break



4) User comes back and clicks on a link in app



5) Tomcat removes session so session id is invalid



Now what I want to happen is call the invalidSessionStrategy hook to clear the sessionID out of the cookie and return a 401 to my Angular code to prompt user for feedback to continue.



The problem that I am having is this code in the SessionManagementFilter:



if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) 
if (this.logger.isDebugEnabled())
this.logger.debug("Requested session ID " + request.getRequestedSessionId() + " is invalid.");


if (this.invalidSessionStrategy != null)
this.invalidSessionStrategy.onInvalidSessionDetected(request, response);
return;




Since Tomcat expired the Session and the session id is no longer there, the getRequestedSessionId() !== null will return false and bypass my hook.



The isRequestedSessionIdValid() already checks to see if the getRequestedSessionId() is null and if so returns false. That first check getRequestedSessionId() is preventing me from getting the invalidSessionStrategy call back.



Has anyone experienced this? I have tried to subclass but cannot because of the private members..Does anyone else have any ideas?



Thank you so much in advance!







session spring-security






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 28 at 4:28









Tiw

4,4806 gold badges18 silver badges30 bronze badges




4,4806 gold badges18 silver badges30 bronze badges










asked Mar 27 at 19:09









thunderman74thunderman74

1




1















  • Since Tomcat expired the Session and the session id is no longer there, the getRequestedSessionId() !== null will return false That's wrong, see getRequestedSessionId It returns the session ID from client's cookie.

    – dur
    Mar 28 at 8:23


















  • Since Tomcat expired the Session and the session id is no longer there, the getRequestedSessionId() !== null will return false That's wrong, see getRequestedSessionId It returns the session ID from client's cookie.

    – dur
    Mar 28 at 8:23

















Since Tomcat expired the Session and the session id is no longer there, the getRequestedSessionId() !== null will return false That's wrong, see getRequestedSessionId It returns the session ID from client's cookie.

– dur
Mar 28 at 8:23






Since Tomcat expired the Session and the session id is no longer there, the getRequestedSessionId() !== null will return false That's wrong, see getRequestedSessionId It returns the session ID from client's cookie.

– dur
Mar 28 at 8:23













0






active

oldest

votes










Your Answer






StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);














draft saved

draft discarded
















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55384822%2fhow-to-override-the-sessionmanagement-filter-for-expired-sessions%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes




Is this question similar to what you get asked at work? Learn more about asking and sharing private information with your coworkers using Stack Overflow for Teams.







Is this question similar to what you get asked at work? Learn more about asking and sharing private information with your coworkers using Stack Overflow for Teams.




















draft saved

draft discarded















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55384822%2fhow-to-override-the-sessionmanagement-filter-for-expired-sessions%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Kamusi Yaliyomo Aina za kamusi | Muundo wa kamusi | Faida za kamusi | Dhima ya picha katika kamusi | Marejeo | Tazama pia | Viungo vya nje | UrambazajiKuhusu kamusiGo-SwahiliWiki-KamusiKamusi ya Kiswahili na Kiingerezakuihariri na kuongeza habari

SQL error code 1064 with creating Laravel foreign keysForeign key constraints: When to use ON UPDATE and ON DELETEDropping column with foreign key Laravel error: General error: 1025 Error on renameLaravel SQL Can't create tableLaravel Migration foreign key errorLaravel php artisan migrate:refresh giving a syntax errorSQLSTATE[42S01]: Base table or view already exists or Base table or view already exists: 1050 Tableerror in migrating laravel file to xampp serverSyntax error or access violation: 1064:syntax to use near 'unsigned not null, modelName varchar(191) not null, title varchar(191) not nLaravel cannot create new table field in mysqlLaravel 5.7:Last migration creates table but is not registered in the migration table

은진 송씨 목차 역사 본관 분파 인물 조선 왕실과의 인척 관계 집성촌 항렬자 인구 같이 보기 각주 둘러보기 메뉴은진 송씨세종실록 149권, 지리지 충청도 공주목 은진현