Session Expiration Filter : Session « Servlets « Java

Session Expiration Filter

 * Copyright (C) 2008-2009 Openbravo S.L.
 * Licensed under the Apache Software License version 2.0
 * You may obtain a copy of the License at
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.

import java.util.Date;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class SessionExpirationFilter implements Filter {

  public void init(FilterConfig config) {

  public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest hReq = (HttpServletRequest) req;

    HttpSession session = hReq.getSession(false);
    if (null != session) {
      Date expirationDate = (Date) session.getAttribute("expirationDate");

      if (expirationDate == null)
        expirationDate = new Date(System.currentTimeMillis() + 1000000); // only
      // for
      // make
      // false
      // "expirationDate.before(new Date())"
      // in
      // the
      // first
      // execution

      if (expirationDate.before(new Date())) {
        session = null;
      } else {
        // ignore requests marked as both ajaxCall and ignoreForSessionTimeout
        String isAjaxCall = hReq.getParameter("IsAjaxCall");
        String ignoreForSessionTimeout = hReq.getParameter("ignoreForSessionTimeout");
        boolean ignoreForTimeout = "1".equals(isAjaxCall) && ("1".equals(ignoreForSessionTimeout));
        if (ignoreForTimeout) {
          // Do nothing; don't update the session timestamp
        } else {
          session.setAttribute("expirationDate", new Date(System.currentTimeMillis()
              + session.getMaxInactiveInterval() * 1000));
    chain.doFilter(req, resp);

  public void destroy() {



Related examples in the same category

1.Using Sessions in Servlet
2.Session Tracker
3.Servlet: simple session
4.Session logger
5.Servlet: Session display
6.Servlet: session listener
7.Servlet : session filter
8.Servlet: session attribute listener
9.Servlet: Session bind listener
10.Servlet Session Example
11.Use cookie to save session data
12.Use hidden fields to save session data
13.Use URL rewrite to save session data
14.Session Events: implements HttpSessionBindingListener
15.Map adaptor for HttpSession objects
16.Fake session