0

I have a Spring MVC app where user must be redirected to the login page when session is expired. I tried common solution suggested here. But it does not redirect automatically, it redirects when user clicks any link or takes some action.

Then I created this class

@Component
public class SessionEndedListener implements ApplicationListener<SessionDestroyedEvent> {

    protected static Logger log = LogManager.getLogger(SessionEndedListener.class);

    @Override
    public void onApplicationEvent(SessionDestroyedEvent event)
    {
        log.info("Session expired or have been destroyed!");
    }

}

And now, my onApplicationEvent is fired when session expires. However, I can't redirect from this method.

How to redirect automatically when session is expired? My Spring version is 4.2.5 and Spring Security version is 4.1.4.

saidfagan
  • 841
  • 2
  • 9
  • 26
  • 3
    There is no connection between your UI and your backend all the time. So in general, HTTP is request-response, you send a request and get the response and that's it. Use websocket for instance to create full-duplex communication. The behavior you have now is correct - you should be redirected when you make some action (request to the server) and server will redirect if session has expired. – ikos23 May 22 '18 at 09:02

1 Answers1

1

This is not how http work, basically you are not able to do this because there is not long living connection between server and client when you are in a web site/app, so basically the only time server can tell your session have expired is when you perform an action and communicate with it.

Said that there are some commons alternatives you try for example add javascript client code (that is executed in your browser for example each 5/10 seconds) and ping server to identify if session have been expired.

Juan Rada
  • 3,513
  • 1
  • 26
  • 26