Protect your Java web application from the consequences of uploading large files

Problem Description:
Sometimes in our web applications, we provide HTML file inputs to our application users so they can upload their documents to the server.

But what happens if one or more users upload files of 3 or 4 gigabytes or more to the server at the same time?
Unfortunately, the server may throw an OutOfMemory exception.

Another problem is that client-side file size validation is not supported on all browsers for security reasons (actually, the only allowed file size validation is on IE through the “Scripting.FileSystemObject” ActiveX control). So this sort of validation unfortunately has to be done on the server side.

Problem Solution:
Limit the HTTP POST size by setting a value for the (PostSizeLimit) parameter in the HTTP server.
In the IBM HTTP Server (for example), this parameter exists in a file called (plugin-cfg.xml) under (/WebSphere/AppServer/config/cells).

Setting PostSizeLimit to “20971520” means that the maximum allowed file size is 20 MB.
Setting PostSizeLimit to “-1” means unlimited post size.
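
An in-application complement to the PostSizeLimit setting, as an added example that is not part of the original post: it streams the request body in small chunks and stops as soon as the limit is crossed, so an oversized upload is never held in memory. The class and method names are hypothetical; in a servlet the stream and declared length would come from the request, which is assumed here and replaced by constructed byte arrays.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

public class BoundedUpload {
    // Same value as the PostSizeLimit example in the text: 20 MB.
    static final long LIMIT_BYTES = 20971520L;

    /** Thrown when a request body is larger than the configured limit. */
    static class UploadTooLargeException extends IOException {
        UploadTooLargeException(String msg) { super(msg); }
    }

    /**
     * Streams the body to 'out' in 8 KB chunks and returns the byte count.
     * declaredLength is the Content-Length value, or -1 when it is absent.
     */
    static long copyWithLimit(InputStream in, OutputStream out,
                              long declaredLength, long limit) throws IOException {
        // Cheap early rejection before reading a single byte.
        if (declaredLength > limit) {
            throw new UploadTooLargeException("declared " + declaredLength + " > " + limit);
        }
        byte[] buf = new byte[8192];
        long total = 0;
        int n;
        while ((n = in.read(buf)) != -1) {
            total += n;
            // The header may be missing or wrong, so count what actually arrives.
            if (total > limit) {
                throw new UploadTooLargeException("received more than " + limit + " bytes");
            }
            out.write(buf, 0, n);
        }
        return total;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a 1000-byte body, accepted under the 20 MB limit,
        // then rejected by a 512-byte limit when no length is declared.
        byte[] body = new byte[1000];
        System.out.println(copyWithLimit(new ByteArrayInputStream(body),
                new ByteArrayOutputStream(), body.length, LIMIT_BYTES));
        try {
            copyWithLimit(new ByteArrayInputStream(body), new ByteArrayOutputStream(), -1, 512);
        } catch (UploadTooLargeException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```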

I hope this tip is useful to you guys.

Redirecting the web application to its home page when the session times out

One of the requirements that might be needed in web applications is redirecting the web application to its home page when the user session times out.

There are many approaches that can be followed to solve this problem, like using the JavaScript setTimeout() method to refresh the page periodically together with a servlet filter that checks whether the session has expired and redirects the application to its home page.

Although this solution is applicable, it will really induce massive amounts of stomach acid for the web application and its maintenance.

After digging into the problem for a while, I found this smart approach: all you have to do is place the following meta tag inside the <head> tag of your JSPs:

<meta http-equiv="refresh" 
content="<%= session.getMaxInactiveInterval() %>;
url=<your_login_page>.jsp">