I have a GWT application running in Tomcat 6. The problem scenario is the following:
- People are using the application and for example a user B clicks through the application.
- Now I do a restart of the application
- If I do not open the start page of the GWT Application, then the whole web app is going crash as soon as the user B continues working in the application.
For now it would be sufficient if I can set a session timeout, which means that the user is being redirected to the start page after 30min (if he does not do anything in the application). The restart is currently happening only at 0300 for maintenance reasons.
Therefore I was wondering, if I can set session timeouts in Tomcat for GWT applications? In the web.xml the timeout is set to 30min but I think it is not really working with a GWT application.
The GWT part of an application is just the client side, that doesn’t control sessions. To get the behavior you want (of timing out after 30 minutes of inactivity) create a servlet filter that on every request looks at the last request time in the session, if it has expired then creates a new unauthenticated session, if not expired then updates the session with the next timeout (or time+30 minutes). Then in your servlet code check for a authenticated session and if it isn’t valid then redirect to the login page.