Re: Idle timeout Handling

[Gogineni, Pratima]

>A completely different approach is to use container-managed security, as
described in the Servlet API Specification >>
><>. Here, you are
relying on the servlet container to manage user logon, so that you do not
have to check 
>anything on a per-request basis. > > Thanks, > Shiraz
> Craig McClanahan 
When you use the servlet container basic authentication - the session is
automatically refreshed (because the user info is sent directly from the
browser) but you still may need to refresh the data/warn the user that the
data has been refreshed since the user may think he is continuing from the
the place he left off  but ends up operating on a form-bean in the initial
state.
Could someone correct me if my assumption is wrong?
pratima




Pratima Gogineni
Core Technology

Selectica, Inc.
3 West Plumeria Drive
San Jose CA 95134.2111
www.selectica.com

Direct: 408.545.2615
Main:   408.570.9700
Mobile: 408.315.6380
Fax:408.570.2167

See our Internet Selling Systems in action:
http://www.selectica.com/iss_in_action/

RE: Idle timeout Handling

[Shiraz Wasim Zaidi]

Thanks for the reply Craig.

-Shiraz

> -Original Message-
> From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 14, 2000 2:53 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Idle timeout Handling
>
>
>
>
> Shiraz Wasim Zaidi wrote:
>
> > Hi!,
> >
> > I have just started working with the struts framework and like it a lot.
> > I have a question about idletimeout handling. The only way i
> can handle it
> > now is to do an idle timeout check at the start of perform method of my
> > action classes.
> > I cannot rely on getSession(false) check as i wont get a null session in
> > case i have a
> > session scoped form asscoiated with the mapping. I can check for some
> > attribute say user
> > profile that i bind to the session in the Authenticating action class.
> >
>
> Even if the controller servlet calls getSession() for you (as it
> does when you
> have a session-scoped ActionForm bean), it is still quite easy to
> check for
> expired sessions.
>
> When you initially log a user on, store an object specific to
> that user in the
> session (the Struts example application stores an instance of the
> User class).
> Then, if a new session got created for you, this object will be
> missing -- so
> you can easily detect that this happened.
>
> If you want such a check on every single request sent to the
> controller servlet,
> you might consider subclassing the controller servlet and adding
> your own custom
> check at the appropriate point.
>
> > Is there someother way idle timeouts can be handled then doing
> it repeatedly
> > in almost every action class?
> >
>
> Don't forget to check in your JSP pages as well -- in case the
> user bookmarks a
> page and then returns to it directly, rather than through the controller
> servlet.
>
> The Struts example application includes an application-specific custom tag
> () that makes exactly this sort of a check.
>
> >
> > Appreciate any response.
> >
>
> A completely different approach is to use container-managed security, as
> described in the Servlet API Specification
> <http://java.sun.com/products/servlet/download.html>.  Here, you
> are relying on
> the servlet container to manage user logon, so that you do not
> have to check
> anything on a per-request basis.
>
> >
> > Thanks,
> > Shiraz
>
> Craig McClanahan
>
>
>

Re: Idle timeout Handling

[Craig R. McClanahan]

Shiraz Wasim Zaidi wrote:

> Hi!,
>
> I have just started working with the struts framework and like it a lot.
> I have a question about idletimeout handling. The only way i can handle it
> now is to do an idle timeout check at the start of perform method of my
> action classes.
> I cannot rely on getSession(false) check as i wont get a null session in
> case i have a
> session scoped form asscoiated with the mapping. I can check for some
> attribute say user
> profile that i bind to the session in the Authenticating action class.
>

Even if the controller servlet calls getSession() for you (as it does when you
have a session-scoped ActionForm bean), it is still quite easy to check for
expired sessions.

When you initially log a user on, store an object specific to that user in the
session (the Struts example application stores an instance of the User class).
Then, if a new session got created for you, this object will be missing -- so
you can easily detect that this happened.

If you want such a check on every single request sent to the controller servlet,
you might consider subclassing the controller servlet and adding your own custom
check at the appropriate point.

> Is there someother way idle timeouts can be handled then doing it repeatedly
> in almost every action class?
>

Don't forget to check in your JSP pages as well -- in case the user bookmarks a
page and then returns to it directly, rather than through the controller
servlet.

The Struts example application includes an application-specific custom tag
() that makes exactly this sort of a check.

>
> Appreciate any response.
>

A completely different approach is to use container-managed security, as
described in the Servlet API Specification
.  Here, you are relying on
the servlet container to manage user logon, so that you do not have to check
anything on a per-request basis.

>
> Thanks,
> Shiraz

Craig McClanahan

Re: Idle timeout Handling

[Pierre Métras]

Hi Shiraz,

Have a look at the interface javax.servlet.http.HttpSessionBindingListener.
If your classes implement it, they will be called on valueUnbound() when a
session timeout occurs.

Hope that solve your problem.

Pierre Métras

> I have just started working with the struts framework and like it a lot.
> I have a question about idletimeout handling. The only way i can handle it
> now is to do an idle timeout check at the start of perform method of my
> action classes.
> I cannot rely on getSession(false) check as i wont get a null session in
> case i have a
> session scoped form asscoiated with the mapping. I can check for some
> attribute say user
> profile that i bind to the session in the Authenticating action class.
>
> Is there someother way idle timeouts can be handled then doing it
repeatedly
> in almost every action class?
>
> Appreciate any response.
>
>
> Thanks,
> Shiraz

Idle timeout Handling

[Shiraz Wasim Zaidi]

Hi!,

I have just started working with the struts framework and like it a lot.
I have a question about idletimeout handling. The only way i can handle it
now is to do an idle timeout check at the start of perform method of my
action classes.
I cannot rely on getSession(false) check as i wont get a null session in
case i have a
session scoped form asscoiated with the mapping. I can check for some
attribute say user
profile that i bind to the session in the Authenticating action class.

Is there someother way idle timeouts can be handled then doing it repeatedly
in almost every action class?

Appreciate any response.


Thanks,
Shiraz