Extremly Messy session - Urgent Help Please
In my jsf application when the login page is initialized the httpsessionListener tells that session is created.
Next there is filter used to authenticate user and create user session as coded below
HttpServletRequest reqObject = (HttpServletRequest) arg0;
HttpSession sessionObject = reqObject.getSession(true);
I have set the <session-timeout> in web.xml is set to 15 mins. and maxinactiveInterval period as
sessionObject.setMaxInactiveInterval(600);
In the filter am calling FacesContext sessionMap and placing objects there
facescontext.getExternalContext().getSessionMap().put("UserObject",userData);
Besides there is HashTable kept in application scope that contains userinfo
ServletContext servletContext = (ServletContext)facescontext.getExternalContext().getContext();
Hashtable AppWideTable=(Hashtable)servletContext.getAttribute("AppWideTable");
AppWideTable.put(userid,uniqueId);
servletContext.setAttribute("AppWideTable",AppWideTable);
In my other pages have coded to invalidate usersession when user explicitly clicks on logout button and also the objects stored in session are removed.
when there is inactivity on page and the userInactive period is over an error page is displayed. And The HttpsesionListener sessionDestroyed() method does tells me that sesion is destroyed after maxInactiveInterval period is over. But again as <session-timeout> is set to 15 mins another message is displayed for session destroyed later on.
And for both these cases am unable to remove the objects placed in sessionMap.
How can i modify my code to acheive user log out be same for session-timeout, maxInactiveInterval and explicit call to session invalidate() with all session objects removed
One more thing the session times out even for the page activities.
Please reply .Thanks
