diff --git a/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml b/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml index 1e3309df18..129ffb4f53 100644 --- a/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml +++ b/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml @@ -33,7 +33,7 @@ --> - + diff --git a/samples/tutorial/src/main/webapp/timeout.jsp b/samples/tutorial/src/main/webapp/timeout.jsp new file mode 100644 index 0000000000..10e7fc7c92 --- /dev/null +++ b/samples/tutorial/src/main/webapp/timeout.jsp @@ -0,0 +1,13 @@ +<%@page session="false" %> +<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt"%> + + +Session Timeout + +

Invalid Session

+ +

+Your session appears to have timed out. Please start again. +

+ + diff --git a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java index 155cd75284..9c81fc62d4 100644 --- a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java +++ b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java @@ -84,7 +84,8 @@ public class SessionManagementFilter extends GenericFilterBean { logger.debug("Requested session ID" + request.getRequestedSessionId() + " is invalid."); if (invalidSessionUrl != null) { - logger.debug("Redirecting to '" + invalidSessionUrl + "'"); + logger.debug("Starting new session (if required) and redirecting to '" + invalidSessionUrl + "'"); + request.getSession(); redirectStrategy.sendRedirect(request, response, invalidSessionUrl); return;