{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 何必那么认真 的问题《How to properly message a session timeout in JSP?》','https://www.manongdao.com/q-1373753.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Using the default <session-timeout> setting for JSP, I want to show an "Your session expired (30 min)" message after the session expire and bring the user back to the login page.
To use ((HttpServletRequest) request).getSession(false) == null to detect it isn't doing the job properly, because the session will be null already at the first time the user enters the application, making the message pop right on.
How can I avoid this? Is there a way to customize JSP's HttpSession so I could know when the real event happened?
How about using
request.isRequestedSessionIdValid()method (pseudo code):How about setting a cookie indicating last login? If the cookie is valid and url is not login url, then the session timeout message can be shown.