Hi,
I am using spring 2.5.6 and acegi 1.0.7
I want to know the best way to handle session timeout with acegi/spring mvc. I tried using the concurrentsessionfilter from acegi and added some code to also check for session timeout, but since it is the first filter that is called, there are a lot of customizations needed and it is not straight forward at all. Below is what I added :


if (session == null || StringUtils.isBlank(httpRequest.getRequestedSessio nId()) || !httpRequest.isRequestedSessionIdValid() )
{
// check if session control is required. excludes are for login page, timeout page etc.
if (isSessionControlRequired(httpRequest.getRequestUR I()))
{
redirect = true;
paramValue = "e";
log.info(methodName, "Session has expired.");
}
} else {
// acegi original code for concurrent session handling
}