Setting session timeout in servlet API 2.0 - based JSP (Apache/JServ)

Similar Messages

• How to set session timeout per user

  Hi,
  Ho do I set the session timeout per User in the
  Application.cfm File??
  I tried using
  <cfif SESSION.UID EQ 1>
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  sessiontimeout="#CreateTimeSpan(0,0,20,0)#">
  </cfelse>
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  sessiontimeout="#CreateTimeSpan(1,0,0,0)#">
  </cfif>
  But this didnt work because the cfapplication seems to have
  to be at the top before I call the variable SESSION.UID which
  I set on my login page..
  Someone know how to do this??
  Regards
  Martin

  Martin,
  Your code example cannot work because the "session" scope
  doesn't exist until your application scope is defined. So you have
  to handle this manually. Here's how you can get it done. First,
  define your application to the maximum sessiontimeout you want to
  have.
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  SESSIONTIMEOUT="#CreateTimeSpan(1,0,0,0)#">
  Then, I don't know how you are doing your login
  authentication but when you have authenticated the user, you need
  to define the userid and the most recent activity in the session.
  Also determine your timeout value based on the userid. See example:
  <CFIF IS_AUTHENTICATED>
  <CFSET session.user.uid = form.userid>
  <CFSET session.user.most_recent_activity = now()>
  <CFIF session.user.id eq 1>
  <CFSET session.user.timeout_mins = 20>
  <CFELSE>
  <CFSET session.user.timeout_mins = 1440>
  </CFIF>
  </CFIF>
  Now, all you have to do is check whether the user has been
  idle for too long and kill the session by purging all session
  variables. For example:
  <!--- if user id is defined, this means user is logged in
  --->
  <CFIF structKeyExists(session, "user") and
  structKeyExists(session.user, "id")>
  <!--- check if timeout has expired --->
  <CFIF datediff("n", session.user.most_recent_activity,
  now()) gt session.user.timeout_mins>
  <!--- timeout has expired, kill the session and log the
  user out --->
  <CFSET StructClear(session)>
  <!--- insert your logout code here --->
  <CFELSE>
  <!--- user hasn't timed out, so reset the most recent
  activity to now --->
  <CFSET session.user.most_recent_activity = now()>
  </CFIF>
  </CFIF>

• EJB 3.0 Stateful - Setting session timeout in configuration

  Hello Everyone,
  I am working with EJB v3.0 and Glassfish as the app server. In case of Stateful EJB, when we explicitely annotate a method with '@Remove', the bean instance is removed from the container when this method is invoked from the client. However, I just wanted to know if there is any way so that I can override the session timeout value (in configuration or via annotations) such that if no client calls this instance for some configured time, the bean is removed by the container automatically.
  Regards,
  San

  Using a Stateful Session facade from a Servlet is not necessarily a bad design. In some cases, you may want to do some cleanup work on completion of a transaction. Stateful Session beans provide a convenient way (By implementing SessionSynchronization interface) to do this.
  In the servlet programming model, Servlets are not designed to be single threaded. So if you inject a StatefulSessionBean (SFSB) references then multiple threads could be possibly be invoking the SFSB concurrently. In this case, the EJBContainer (as required by the specification), will throw a well defined exception.
  What you may want to do is to place this SFSB reference into you Servlet session.

• Setting Session Timeout for HANA Cloud Portal

  Hi all,
  is there any way for setting the session timeout period on HANA cloud Portal?
  If not, what is the predefined session timeout?
  Thank you in advance.
  Silvia Grabmann

  Hi Silvia,
  Session timeout is 20 minutes and cannot be changed. In fact it is configured at the platform level.
  Regards,
  Ifat.

• Setting session timeout in OracleWeblogic Server

  Hi All,
  I have doubt in setting session time out in Oracle WLS server 12c. Please suggest,
  There are two ways as i know editing the below files.
  1) weblogic.xml
  2) web.xml
  But when I open the weblogic.xml it has the below code, if we edit the value in
  <timeout-secs>3600</timeout-secs>
  the value implied for the admin console only as i know, the admin console will ask the user to re-login if the session is idle for morethan 6 mins.
  But If there is an application deployed like a bank.war file and customer is accessing the application. I want to set the user session time out to 2 mins i.e 120 seconds. How to set this in the server level ?
  Oracle Webogic server level ?
  <session-descriptor>
      <timeout-secs>3600</timeout-secs>
      <invalidation-interval-secs>60</invalidation-interval-secs>
      <cookie-name>ADMINCONSOLESESSION</cookie-name>
      <cookie-max-age-secs>-1</cookie-max-age-secs>
      <url-rewriting-enabled>false</url-rewriting-enabled>
  </session-descriptor>
  In the default web,xml  there is no param called timeout..
  Thanks
  Venkat

  Hello Venkat,
  I have implemented the same in my Application(OBIEE).Check it may helpful for you.
  Sasi Nagireddy: HOW TO CONFIGURE SESSION TIMEOUT IN OBIEE-11G..
  Thanks,
  Sasi Nagireddy..

• Iplanet 4.1 - How to set session timeout for a specific application

  Hi everyone,
  I have a Iplanet 4.1 old web instance running on Solaris 8. We are using this web instance to connect to few application instances running on Websphere 3.5. We have upgraded most of our web/app to higher version except this.
  One of the websphere applications need more session timeout. (Which I fuguredout not possible to do on Websphere).
  How do I achieve this on Iplanet 4.1.
  NOTE: I referred to Iplanet 6.x where we can achieve this by updating web-app.xml timeOut value per URI. I do not find web-app.xml under v4.1
  Thanks in advance,

  Sorry to say that we can't help here. WS4.1 is obsolete a long time ago.
  As you mentioned that you should use WS6.1SPx or WS7.0 for your production and get support.

• Maintain session when calling servlet from form in a JSP

  I have the following set up:
  index.jsp calls login servlet from the action tag in a form.
  Login servlet handles the login, stores the user info and db connection in the session and uses forward(req,res) to call another jsp.
  That jsp has a form where user enters search info and in that form's action tag there is a search servlet. In the search servlet I am unable to access the session.
  Is there any way to pass the session to the servlet from that jsp using a form/action?

  I've read elsewhere that if you go from a jsp to a servlet that the >request object is cleared of any attributes from the previous request.which is correct. But arent we speaking about session object here? A request object is valid for a request - ie the phase from where the server receieves a hit for a resource upto the point it sends the output for that request.
  A session spans multiple requests.
  it doesn't retrieve the session info and gives me a null pointer >exception when I try to use the connection object stored in the session.Bad bad bad . Why do you store Connection objects in session? Create them when necessary or use a connection pool. Do you for example clean up the connections when the session expires. What if its a 30 minute session and the user hits every say 15 minutes with a request. Why do you need to hold on to the Connection in the intervening interval when the user's session is inactive?
  gives me a null pointer exception when I try to use the connection object stored in the session.which means that the Connection object is null - not the session object.
  That last line is where I get the null pointer exception. And that is
  Statement stmt = con.createStatement();?
  Same answer as above.
  If the session object was null,
  userSession.getAttribute("connection");would have thrown a NPE.
  ram.

• Once i set classpath to servlet-api.jar, it doesnt Instantiate DbBean.

  I am using notepad editor. I am trying to instantiate a DbBean class inside the servlet's init() method.
  once i set (C:\Program Files\Apache Software Foundation\Tomcat 5.0\common\lib\servlet-api.jar) this path to compile the Controller servlet.
  C:\Program Files\Apache Software Foundation\Tomcat 5.0\webapps\ROOT\WEB-INF\classes>set classpath=C:\Program Files\Apache Software Foundation\Tomcat 5.0\common\lib\servlet-api.jar
  C:\Program Files\Apache Software Foundation\Tomcat 5.0\webapps\ROOT\WEB-INF\classes>javac Controller.java
  Controller.java:5: package bean does not exist
  import bean.DbBean;
  ^
  Controller.java:14: cannot find symbol
  symbol : class DbBean
  location: class Controller
  DbBean dbbean = new DbBean();
  ^
  Controller.java:14: cannot find symbol
  symbol : class DbBean
  location: class Controller
  DbBean dbbean = new DbBean();
  ^
  3 errors
  C:\Program Files\Apache Software Foundation\Tomcat 5.0\webapps\ROOT\WEB-INF\classes>
  this is my servlet
  import java.sql.*;
  import java.io.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import bean.DbBean;
  public class Controller extends HttpServlet
  public void init(ServletConfig config)throws ServletException
  ServletContext context = config.getServletContext();
  context.setAttribute("base_url",config.getInitParameter("base_url"));
  {color:#ff0000}DbBean dbbean = new DbBean();{color} {color:#0000ff}error showing in this line
  {color}dbbean.setDburl(config.getInitParameter("dburl"));
  dbbean.setUserName(config.getInitParameter("username"));
  dbbean.setPassward(config.getInitParameter("pwd"));
  /// database bean can be access from jsp page
  context.setAttribute("dbbean",dbbean);
  /// Load the data base driver
  try{
  Class.forName(config.getInitParameter("jdbcDriver"));
  catch(ClassNotFoundException e)
  System.out.println(e.toString());
  super.init(config);
  public void doGet(HttpServletRequest req, HttpServletResponse res)throws ServletException,IOException
  doPost(req,res);
  public void doPost(HttpServletRequest req, HttpServletResponse res)throws ServletException,IOException
  String base = "/onlinetest1/";
  String url = base + "login.jsp";
  String action = req.getParameter("action");
  if(action!=null)
  if(action.equals("successlogin.jsp"));
  url = base + "successlogin.jsp";
  RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(url);
  dispatcher.forward(req,res);
  public void destroy()
  System.out.println("Servlet stopped");
  This below class can be put inside bean folder( (ie)sub dir of controller servlet)
  package bean;
  import java.sql.*;
  import java.util.*;
  import java.io.*;
  public class DbBean
  String dburl="";
  String dbuser="";
  String dbpass="";
  public void setDburl(String url)
  dburl = url;
  public void setUserName(String uname)
  dbuser = uname;
  public void setPassward(String pwd)
  dbpass = pwd;
  What to do to rectify this, please help me why this error coming,

  hi,
  Actually i did my ordinary package compilation example below, its run correctly, but after set classpath to %tomcat-home%\common\lib\servlet-api.jar(for same programs its not working) this kinds of error coming.
  F:\shyam\test>javac first.java
  F:\shyam\test>java first
  main class
  DB Set Correctly
  F:\shyam\test>set classpath=C:\Program Files\Apache Software Foundation\Tomcat 5.0\common\lib\servlet-api.jar
  F:\shyam\test>javac first.java
  first.java:1: package bean does not exist
  import bean.DbBean;
  ^
  first.java:10: cannot find symbol
  symbol : class DbBean
  location: class first
  DbBean dbbean = new DbBean();
  ^
  first.java:10: cannot find symbol
  symbol : class DbBean
  location: class first
  DbBean dbbean = new DbBean();
  ^
  3 errors
  F:\shyam\test>
  In compilation it wont take DbBean class, please help me.
  thanks in advance,
  S.Shyam

• JSP Session Timeout in multiple pages (iframes used)

  Hi,
  Here is my scenario. I have a JSP Page i.e. A.jsp in which I am setting a session timeout to 3 minutes. I also have another JSP included i.e. B.jsp in the same page (A.jsp) using the following code i.e.
  <IFRAME SRC="B.jsp" width="100%" height="800" frameborder="0" align="center">
           <!-- Alternate content for non-supporting browsers -->
  </IFRAME>I am also setting a session timeout to 1 minute in the B.jsp. Now if the session timeout in one of the pages i.e. A.jsp or B.jsp I want to route to a different page i.e. C.jsp.
  Now my problem is if the session timeouts in the B.jsp the C.jsp is shown inplace of the B.jsp page inside A.jsp. Means A.jsp still shows it's content at top and under it C.jsp is shown. I want to route to C.JSP page if a session timeouts in A.jsp or B.jsp and only show C.jsp.
  Any help is appreciated.
  Thanks

  Where exactly I put the javascript. Here is currently I am checking for the session timeout:
  String error = (String) request.getAttribute("Error");
      if (error != null)
          out.write("<center><strong>");
          out.write("<font color=\"Red\">");
          out.write(error);
          out.write("</font>");
          out.write("</strong></center>");
      response.setHeader("Cache-Control","no-cache"); //forces caches to obtain a new copy of the page from the origin server
      response.setHeader("Cache-Control","no-store"); //directs caches not to store the page under any circumstance
      response.setDateHeader("Expires", 0); //causes the proxy cache to see the page as "stale"
      response.setHeader("Pragma","no-cache"); //HTTP 1.0 backward compatibility
      String userName = (String) session.getAttribute("User");
      if (null == userName)
          request.setAttribute("Error", "Session has ended. Please login.");
          RequestDispatcher rd = request.getRequestDispatcher("C.jsp");
          rd.forward(request, response);
  ................The same code is in A.jsp and B.jsp. If I want to use the javascript to check if it's the top frame or not and redirect properly where exactly I need to put that code.
  Thanks

• Hi I have two questions. I am using NAS 4.1 and was wondering is it possible to set a different session timeout for different users? How is the session timeout set? Thanks, YS

   

  <i>I am using NAS 4.1 and was wondering is it possible to set a different session timeout for different users?</i>
  Um, there is no such thing as NAS4.1.
  I'm assuming that you mean NAS4.0 (maybe NAS4.0sp1?). If so, then the session timeouts are specified in the session section of the NTV configuration files.
  AFAIK, you can specify session timeouts on a per user basis.

• Session Timeout Setting in Business Intelligence Platform 4

  Greetings.  We are using Business Intelligence Platform 4 SP 2.5.  We use LDAP authentication for logging in to the CMC, BI Launchpad, and Lifecycle Management console.  Our sessions expire after 10 minutes (of either activity or inactivity).  I haven't been able to find the setting that controls the timeout.  Does anyone know?
  Thank you in advance,
  Dave

  Hi Dave,
  TO make the change for the timeout we need to navigate to following location:
  1. Program Files (x86)\SAP BusinessObjects\Tomcat6\webapps\BOE\WEB-INF
  2. Open the web.xml. Search for the "session-timeout" and change the value to as per your requirement.
  3. This change would take effect on both CMC and BI LaunchPad.
  4. Restart the Tomcat.
  At <INSTALLDIR>\Tomcat6\conf\web.xml change 30 to 60:
      <session-config>
          <session-timeout>60</session-timeout>
      </session-config>
  Regards,
  Sonia

• Portal Session Timeout Setting

  There is a JServ session and a portal session. I know how to control session timeout and session clean up frequency in JServ - that's in zone.properties. But, I dont know how to set timeout for portal session, i.e., I'd like to have the user be forced to login again when he has been idle for 15 mins - and only if he has been idle. Jserv session settings are not sufficient for this because Portal has it's own session that must time out.
  How to set this timeout value (I'm using my own provider which has a timeout setting in zone.properties and includes a bunch of JSP portlets)? Also, is there a clean up thread for which the frequency has to be set?

  I've contacted metalink weeks ago, and this is NOW, a know bug...
  Incredible... Oracle just DO NOT TEST their products... Even a simple SESSION timeout do not work. Also, if I click back after "I log In and Log out" ... Session still up without have to login again!
  BUG 2442268

• Setting and/or detecting Servlet timeout

  Hi everyone!
  We have a servlet that we need to monitor if it is hanging up, and we decided to set up a servlet timeout mechanism; in other words, we will set a timeout delay for the servlet to load, and when the timeout delay (say, 5 minutes) has passed, we decide that it has already hung.
  Is there a way to set servlet timeouts? I would prefer an answer that does not require me to tweak the server timeout.
  Thank you very much!

  Jason, I do not think that there is any mechanism that will remove a servlet instance once it has been idle for a certain amount of time. For performance reason, it is removed only for some infrequent events, such as web server shutdown.
  May I ask what is your motivation?

• Set a timeout for crystal sessions while using the Windows.Forms.Viewer?

  Hi,
  I am looking for a way to set the timeout for the crystal report sessions when using the Windows.Forms.Viewer in a .NET application. I guess that the default value is 20 minutes (like in the entperprise installations) but we cannot afford to keep many sessions open for that long. Is there a registry entry which can be set? Or even a way to do this programmatically?
  Thank you in advance,
  Stratos

  Hi David,
  we are talking here about a standalone .NET application where the reports are installed locally (like the application itself). We are not retrieving the reports from a server. The whole thing was developed using the crystal report viewer model probably because it was easier to do so. Is there a method in this model to tell the crystal runtime to do the clean-up work either for a report (like the ReportDocument.Close() ) or for the entire runtime instance. Dispose() does not seem to help us. If you say that there is no other way than redesign then we have to consider this option also.
  Cheers
  Stratos
  PS: What I was thinking of (as Plan B instead of using the ReportDocument object model) is to instantiate the crystal report viewer object in a separate process (.exe). Please note that we open a new crystal report viewer windows for each report, which is displayed. Closing the viewer window (ie. terminate the process) will at least then clean up and release the crystal DLLs and hopefully close the database connections. Or am I missing something here?
  Edited by: Efstratios Karaivazoglou on Jul 29, 2008 10:05 PM

• Session Timeout directly taking to login page

  Hi,
  In our application when session time out happens, it is directly taking to login page, instead of showing the time out error message . We have a CustomExceptionHandler defined in our application. When I debugged, I identified that the following error message
  <StateManagerImpl><restoreView> Could not find saved view state for token -ppfn0o4n8 (*ADF_FACES-30107)*
  comes when user clicks login the second time.
  We want to know how to get the error message first before it goes to the login page? Any configuration we are missing?
  Here is our applications web.xml
  <?xml version = '1.0' encoding = 'UTF-8'?>
  <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
  <description>Empty web.xml file for Web Application</description>
  <context-param>
  <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
  <param-value>client</param-value>
  </context-param>
  <context-param>
  <param-name>jndiContext</param-name>
  <param-value>inv</param-value>
  </context-param>
  <context-param>
  <param-name>UserEnvironmentName</param-name>
  <param-value>UserEnvironment</param-value>
  </context-param>
  <context-param>
  <param-name>CacheConfigureFile</param-name>
  <param-value>inv-cache.xml</param-value>
  </context-param>
  <context-param>
  <param-name>SecurityRepositoryClass</param-name>
  <param-value>oracle.communications.inventory.api.framework.security.impl.SecurityRepositoryImpl</param-value>
  </context-param>
  <context-param>
  <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
  <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
  <param-value>false</param-value>
  </context-param>
  <context-param>
  <param-name>oracle.adfinternal.view.rich.libraryPartitioning.ENABLED</param-name>
  <param-value>true</param-value>
  </context-param>
  <context-param>
  <param-name>ilog.views.faces.CONTROLLER_PATH</param-name>
  <param-value>/_contr</param-value>
  </context-param>
  <context-param>
  <param-name>ilog.views.faces.CONTENT_LENGTH_ENABLED</param-name>
  <param-value>true</param-value>
  </context-param>
  <context-param>
  <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
  <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
  <param-value>false</param-value>
  </context-param>
  <context-param>
  <param-name>APPLICATION_NAME</param-name>
  <param-value>Unified Inventory Management</param-value>
  </context-param>
  <context-param>
  <param-name>COPYRIGHT_FROM_YEAR</param-name>
  <param-value>2007</param-value>
  </context-param>
  <context-param>
  <param-name>COPYRIGHT_TO_YEAR</param-name>
  <param-value>2011</param-value>
  </context-param>
  <context-param>
  <!-- Maximum memory per request (in bytes) -->
  <param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_MEMORY</param-name>
  <!-- Use 500K -->
  <param-value>512000</param-value>
  </context-param>
  <context-param>
  <!-- Maximum disk space per request (in bytes) -->
  <param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_DISK_SPACE</param-name>
  <!-- Use 100M -->
  <param-value>104857600</param-value>
  </context-param>
  <filter>
  <filter-name>trinidad</filter-name>
  <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>trinidad</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <listener>
  <listener-class>oracle.communications.inventory.api.framework.listener.ContextListener</listener-class>
  </listener>
  <listener>
  <listener-class>oracle.communications.inventory.ui.framework.IlogContextListener</listener-class>
  </listener>
  <!-- Cartridge Installer servlet for post re-deploy -->
  <listener>
  <listener-class>
  oracle.communications.inventory.cartridge.deploy.CartridgeInstallerServletContextListener
  </listener-class>
  </listener>
  <persistence-context-ref>
  <persistence-context-ref-name>persistence/EntityManager</persistence-context-ref-name>
  <persistence-unit-name>default</persistence-unit-name>
  </persistence-context-ref>
  <listener>
  <listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
  </listener>
  <listener>
  <listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
  </listener>
  <servlet>
  <servlet-name>BIGRAPHSERVLET</servlet-name>
  <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.GraphServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>BIGAUGESERVLET</servlet-name>
  <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.gauge.GaugeServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>MapProxyServlet</servlet-name>
  <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.geoMap.servlet.MapProxyServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>GatewayServlet</servlet-name>
  <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.FlashBridgeServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>media</servlet-name>
  <servlet-class>oracle.communications.inventory.ui.media.servlet.MediaServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>BIGRAPHSERVLET</servlet-name>
  <url-pattern>/servlet/GraphServlet/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>BIGAUGESERVLET</servlet-name>
  <url-pattern>/servlet/GaugeServlet/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>MapProxyServlet</servlet-name>
  <url-pattern>/mapproxy/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/bi/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>GatewayServlet</servlet-name>
  <url-pattern>/flashbridge/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>media</servlet-name>
  <url-pattern>/media_image</url-pattern>
  </servlet-mapping>
  <resource-ref>
  <res-ref-name>wm/ruleWorkManager</res-ref-name>
  <res-type>commonj.work.WorkManager</res-type>
  <res-auth>Container</res-auth>
  <res-sharing-scope>Unshareable</res-sharing-scope>
  </resource-ref>
  <filter>
  <filter-name>JpsFilter</filter-name>
  <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
  <init-param>
  <param-name>enable.anonymous</param-name>
  <param-value>true</param-value>
  </init-param>
  <init-param>
  <param-name>remove.anonymous.role</param-name>
  <param-value>false</param-value>
  </init-param>
  <init-param>
  <param-name>addAllRoles</param-name>
  <param-value>true</param-value>
  </init-param>
  <init-param>
  <param-name>jaas.mode</param-name>
  <param-value>doasprivileged</param-value>
  </init-param>
  </filter>
  <filter>
  <filter-name>ADFLibraryFilter</filter-name>
  <filter-class>oracle.adf.library.webapp.LibraryFilter</filter-class>
  </filter>
  <filter>
  <filter-name>adfBindings</filter-name>
  <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>JpsFilter</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>INCLUDE</dispatcher>
  </filter-mapping>
  <filter-mapping>
  <filter-name>ADFLibraryFilter</filter-name>
  <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfBindings</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>resources</servlet-name>
  <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>adflibResources</servlet-name>
  <servlet-class>oracle.adf.library.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/InventoryUIShell</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>Controller</servlet-name>
  <servlet-class>ilog.views.faces.IlvFacesController</servlet-class>
  <load-on-startup>3</load-on-startup>
  </servlet>
  <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/adf/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/afr/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>adflibResources</servlet-name>
  <url-pattern>/adflib/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>adfAuthentication</servlet-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Controller</servlet-name>
  <url-pattern>/_contr/*</url-pattern>
  </servlet-mapping>
  <session-config>
  <session-timeout>35</session-timeout>
  </session-config>
  <mime-mapping>
  <extension>html</extension>
  <mime-type>text/html</mime-type>
  </mime-mapping>
  <mime-mapping>
  <extension>txt</extension>
  <mime-type>text/plain</mime-type>
  </mime-mapping>
  <jsp-config>
  <jsp-property-group>
  <url-pattern>*.jsff</url-pattern>
  <is-xml>true</is-xml>
  </jsp-property-group>
  </jsp-config>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>allPages</web-resource-name>
  <url-pattern>/</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Unsecured resources</web-resource-name>
  <url-pattern>/images/</url-pattern>
  <url-pattern>*.png</url-pattern>
  <url-pattern>*.gif</url-pattern>
  <url-pattern>*.jpg</url-pattern>
  <url-pattern>*.jpeg</url-pattern>
  <url-pattern>*.bmp</url-pattern>
  <url-pattern>*.css</url-pattern>
  <url-pattern>*.js</url-pattern>
  <url-pattern>/css/*</url-pattern>
  <url-pattern>/afr/blank.html</url-pattern>
  </web-resource-collection>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/faces/login.jspx</form-login-page>
  <form-error-page>/faces/error.jspx</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <role-name>valid-users</role-name>
  </security-role>
  <welcome-file-list>
  <welcome-file>/faces/InventoryUIShell</welcome-file>
  </welcome-file-list>
  </web-app>

  hi
  this can be done using a simple "Servlet Filters" which will check whether the user session is valid or not. so for every connect to the server the filter runs and redirects to the login page if the session has expired. here you can configure your filter to be activated for every URL or a patterns of urls.
  u need servlet2.3 supported server for this.
  hope this helps
  shrini
  I have an business j2ee application run on oc4j. When the session timeout declared on the web.xml expire, i want to redirect automaticaly the user to my login.jsp to force him to reconnect. I try j_security_chek, but i want to restart the business application at the top and not to the page which are request. Somebody know who i can do this mechanism. I try too special tag in jsp, this run very good but i have to repeate this call on every page. I look for an other simply mechanism to that
  Thanks