Hi, I am working on my final year project, which is a web-based application. I want to implement a logout function in that project, but I don't know how to do that. I also want to implement auto-logout functionality, i.e. after a particular time period, say 20 minutes, a user will be automatically logged out if he/she does not perform any action during this period. A message should be displayed to the user: "Sorry, Your session has expired Please login again". How do I do that?

A: 

How are you dealing with logins and sessions? If it's as simple as a session cookie, you'd just expire/delete the cookie to log out.

Daniel Frear
+1  A: 

You can log out using session.invalidate() (or request.getSession().invalidate() in a servlet).

If using cookies, you will have to call response.addCookie(..) with your cookie with a negative lifetime.

The auto-logout can be achieved by setting the session timeout in web.xml:

<session-config>
        <session-timeout>20</session-timeout>
</session-config>
Bozho
A: 

The way I do this on our CMS is to have a setTimeout started upon page load. After 20 minutes, this redirects the user to a page that clears the session, and hence logs the user out. Unfortunately, this has one side effect: when a user has more than one window open, sometimes one window can reach the timeout period before the one the user is active in. This causes a session to time out prematurely, and breaks flow.

One way around this caveat could be to keep an activity ID for each action the user performs (i.e. creating a content item, uploading an image). This activity ID is kept in the user table, and the timeout timer (in JavaScript) can check against this ID to see if the window that has timed out is the most recently active window or not. If the ID in that window (passed from, say, a PHP variable into the HTML output) does not match, then it does not force a session timeout.

This is quite a tricky one to approach without introducing breaking changes to an interface.

Seidr
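
The activity-ID idea from the last answer, combined with the server-side idle limit from the second one, as an added example that is not code from any of the answers. `SessionStore`, `touch` and `onWindowTimeout` are hypothetical names, and an in-memory Map stands in for the user table; the logout decision is made on the server, and a window's timer only asks for it.

```javascript
// Added example; SessionStore, touch and onWindowTimeout are hypothetical names.
const IDLE_LIMIT_MS = 20 * 60 * 1000; // the 20-minute limit from the question

class SessionStore {
  constructor() { this.sessions = new Map(); }

  // Login: create the server-side record.
  create(sessionId, now) {
    this.sessions.set(sessionId, { activityId: 0, lastActivityAt: now });
  }

  // Every authenticated request: enforce the idle limit on the server, then
  // record the activity. The returned activityId is embedded in the page.
  touch(sessionId, now) {
    const s = this.sessions.get(sessionId);
    if (!s || now - s.lastActivityAt >= IDLE_LIMIT_MS) {
      this.sessions.delete(sessionId);
      return { ok: false, reason: "expired" };
    }
    s.activityId += 1;
    s.lastActivityAt = now;
    return { ok: true, activityId: s.activityId };
  }

  // A window's timer fired. This check does not count as user activity.
  onWindowTimeout(sessionId, windowActivityId, now) {
    const s = this.sessions.get(sessionId);
    const idleFor = s ? now - s.lastActivityAt : IDLE_LIMIT_MS;
    if (idleFor >= IDLE_LIMIT_MS) {
      this.sessions.delete(sessionId);
      return { action: "logout" };
    }
    // A different window was used more recently: keep the session and tell
    // this window how long to wait before checking again.
    return { action: "rearm", stale: windowActivityId !== s.activityId,
             delayMs: IDLE_LIMIT_MS - idleFor };
  }
}

// Constructed scenario: two windows share session "s1"; times in minutes.
const min = (m) => m * 60 * 1000;
const store = new SessionStore();
store.create("s1", min(0));
const winA = store.touch("s1", min(0)).activityId;          // window A loads
const winB = store.touch("s1", min(15)).activityId;         // window B is used
const atA = store.onWindowTimeout("s1", winA, min(20));     // A's timer fires
const atB = store.onWindowTimeout("s1", winB, min(35));     // B's timer fires
console.log(atA, atB, store.touch("s1", min(36)));
```

Because `touch` checks the idle time on every request, a window whose script never runs is still logged out at its next request after 20 idle minutes.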