Re: Help with detecting session timeout
Once the session expires... this code never gets called by tomcat. So I am not really sure what you are thinking about? -Dennis that is cause you have protected every single resource in your webapp and require login for that. hence, every single resource is bound by the session existing or not. in order for you to call (request.getSession(false)==null) that resource can not be protected by security constraints and required login information. Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help with detecting session timeout
Filip, Perhaps we have different web.xml deployments in mind... In my case the code you suggested never gets called once the tomcat session is expired. Here are snippets from my web.xml: CallQServlet com.xyz.hm.callq.server.CallQServlet debug false CallQServlet /servlet/CallQServlet My Product Name some name /* GET POST acme_tier1 acme_guest acme_admin acme_tier3 NONE FORM Acme Product Name /XMSLogin.jsp /error_401.html Normal User of the Mycompany product acme_tier3 Normal User of the Mycompany product acme_guest Administrator of the Mycompany product acme_admin Tier1 User of the Mycompany product acme_tier1 And at the top of CallQServlet.java's doGet(): System.out.println (this.getClass ().getName () + " : INFO : entering doGet()"); System.out.println (this.getClass ().getName () + " : INFO : Request toString():" + req.toString ()); if ((session = req.getSession (false)) == null) { System.out.println (this.getClass ().getName () + " : WARNING : getSession() failed !"); res.sendError(505, "No session available on the server"); return; } Once the session expires... this code never gets called by tomcat. So I am not really sure what you are thinking about? -Dennis -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Monday, February 20, 2006 11:46 AM To: Tomcat Users List Subject: Re: Help with detecting session timeout no, that is not true, this could be your servlet (note, this assumes your session was created by another JSP/servlet. note, you can also do request.getSession().isNew() and so on, public void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException { if ( req.getSession(false) == null ) { resp.sendError(505, "No session available on the server"); return; } else { //execute code } } Klotz Jr, Dennis wrote: > Thanks Filip. > > Please correct me if I am wrong... > > Isn't it the case that if the session expires, the client cannot access > any of the servlets within my webapp? Therefore, the response you set > would never be seen by the clients applet. > > So I how your code would ever work? > > Thanks again for responding. > > -Dennis > > > -Original Message- > From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] > Sent: Monday, February 20, 2006 11:24 AM > To: Tomcat Users List > Subject: Re: Help with detecting session timeout > > in your servlet, you can do > > ... > if ( session_has_timed_out) { > response.setError(505,"Session has timed out"); > return; > } > > > then in your applet, you can catch the 505, > > Filip > > > Klotz Jr, Dennis wrote: > >> Greetings to all. >> >> I hope everyone had a great weekend. :) I've run into a problem that I >> can't find any answers for and I am hopeful that one of you has the >> > time > >> to respond. >> >> Given: >> * Tomcat 5.5.15 >> * Applet using jvm 1.5 >> * An applet that has been sitting idle and tomcat has expired the >> session >> * User tries to click on an applet function that sends and requests a >> serialized object. >> >> Here is code from the APPLET I'm trying to use. This applet code (run >> inside a browser) always receives a status of HTTP_OK (200)! Any ideas >> why? From what I can tell, tomcat is trying to send the user to the >> forms based login but that never happens since the applet has control >> > of > >> the browser... >> >> URL servlet = ; >> >> >> >> HttpURLConnection con = (HttpURLConnection)servlet.openConnection >> (); >> >> con.setDoInput (true); >> con.setDoOutput (true); >> con.setUseCaches (false); >> con.setRequestProperty ("Content-Type", >> "application/x-java-serialized-object"); >> >> >> >> out = new ObjectOutputStream (con.getOutputStream ()); >> out.writeObject (obj); >> out.flush (); >> out.close (); >> >> in = con.getInputStream (); >> >> int status = con.getResponseCode();
Re: Help with detecting session timeout
--- "Klotz Jr, Dennis" <[EMAIL PROTECTED]> wrote: > Greetings to all. > > I hope everyone had a great weekend. :) I've run > into a problem that I > can't find any answers for and I am hopeful that one > of you has the time > to respond. > > Given: > * Tomcat 5.5.15 > * Applet using jvm 1.5 > * An applet that has been sitting idle and tomcat > has expired the > session > * User tries to click on an applet function that > sends and requests a > serialized object. > > Here is code from the APPLET I'm trying to use. This > applet code (run > inside a browser) always receives a status of > HTTP_OK (200)! Any ideas > why? From what I can tell, tomcat is trying to send > the user to the > forms based login but that never happens since the > applet has control of > the browser... > > URL servlet = ; > > > > HttpURLConnection con = > (HttpURLConnection)servlet.openConnection > (); > > con.setDoInput (true); > con.setDoOutput (true); > con.setUseCaches (false); > con.setRequestProperty ("Content-Type", > "application/x-java-serialized-object"); > > > > out = new ObjectOutputStream > (con.getOutputStream ()); > out.writeObject (obj); > out.flush (); > out.close (); > > in = con.getInputStream (); > > int status = con.getResponseCode(); > > // print the status > > // exception always occurs here. EOF on stream > or > // invalid stream header... > result = new ObjectInputStream (in); > o = result.readObject (); > > > > The method call: > > int status = con.getResponseCode(); > > Always returns a status of HTTP_OK (200)! Why oh why > can't I see a > status that indicates that the session has expired? > :) Perhaps that the > user is no longer authenticated? > > Bueller? Bueller? :) > > If anyone can help I offer them a thousands thanks! > > -Dennis > It's not an error that your session has timed out and apparently you want the user to see the login if using a browser. So, it is valid you are getting a status 200 as you are trying to show the user a valid page using form login. So, the browser needs 200 to know it didn't get an error and should show the form. Basically you need to either check your return in the applet to see if it gets back HTML (possibly could even use different content types for your normal applet information so you can check the content type of the HTTP return) or what you expect and maybe place a tag in your meta section (custom tag) which you can parse out to tell if you need to have the user re-login. If you don't do something like this you're going to have to implement your own security. You can do this using a Filter and implement your own security polciies and even implement form logins. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with detecting session timeout
no, that is not true, this could be your servlet (note, this assumes your session was created by another JSP/servlet. note, you can also do request.getSession().isNew() and so on, public void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException { if ( req.getSession(false) == null ) { resp.sendError(505, "No session available on the server"); return; } else { //execute code } } Klotz Jr, Dennis wrote: Thanks Filip. Please correct me if I am wrong... Isn't it the case that if the session expires, the client cannot access any of the servlets within my webapp? Therefore, the response you set would never be seen by the clients applet. So I how your code would ever work? Thanks again for responding. -Dennis -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Monday, February 20, 2006 11:24 AM To: Tomcat Users List Subject: Re: Help with detecting session timeout in your servlet, you can do ... if ( session_has_timed_out) { response.setError(505,"Session has timed out"); return; } then in your applet, you can catch the 505, Filip Klotz Jr, Dennis wrote: Greetings to all. I hope everyone had a great weekend. :) I've run into a problem that I can't find any answers for and I am hopeful that one of you has the time to respond. Given: * Tomcat 5.5.15 * Applet using jvm 1.5 * An applet that has been sitting idle and tomcat has expired the session * User tries to click on an applet function that sends and requests a serialized object. Here is code from the APPLET I'm trying to use. This applet code (run inside a browser) always receives a status of HTTP_OK (200)! Any ideas why? From what I can tell, tomcat is trying to send the user to the forms based login but that never happens since the applet has control of the browser... URL servlet = ; HttpURLConnection con = (HttpURLConnection)servlet.openConnection (); con.setDoInput (true); con.setDoOutput (true); con.setUseCaches (false); con.setRequestProperty ("Content-Type", "application/x-java-serialized-object"); out = new ObjectOutputStream (con.getOutputStream ()); out.writeObject (obj); out.flush (); out.close (); in = con.getInputStream (); int status = con.getResponseCode(); // print the status // exception always occurs here. EOF on stream or // invalid stream header... result = new ObjectInputStream (in); o = result.readObject (); The method call: int status = con.getResponseCode(); Always returns a status of HTTP_OK (200)! Why oh why can't I see a status that indicates that the session has expired? :) Perhaps that the user is no longer authenticated? Bueller? Bueller? :) If anyone can help I offer them a thousands thanks! -Dennis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help with detecting session timeout
Thanks Filip. Please correct me if I am wrong... Isn't it the case that if the session expires, the client cannot access any of the servlets within my webapp? Therefore, the response you set would never be seen by the clients applet. So I how your code would ever work? Thanks again for responding. -Dennis -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Monday, February 20, 2006 11:24 AM To: Tomcat Users List Subject: Re: Help with detecting session timeout in your servlet, you can do ... if ( session_has_timed_out) { response.setError(505,"Session has timed out"); return; } then in your applet, you can catch the 505, Filip Klotz Jr, Dennis wrote: > Greetings to all. > > I hope everyone had a great weekend. :) I've run into a problem that I > can't find any answers for and I am hopeful that one of you has the time > to respond. > > Given: > * Tomcat 5.5.15 > * Applet using jvm 1.5 > * An applet that has been sitting idle and tomcat has expired the > session > * User tries to click on an applet function that sends and requests a > serialized object. > > Here is code from the APPLET I'm trying to use. This applet code (run > inside a browser) always receives a status of HTTP_OK (200)! Any ideas > why? From what I can tell, tomcat is trying to send the user to the > forms based login but that never happens since the applet has control of > the browser... > > URL servlet = ; > > > > HttpURLConnection con = (HttpURLConnection)servlet.openConnection > (); > > con.setDoInput (true); > con.setDoOutput (true); > con.setUseCaches (false); > con.setRequestProperty ("Content-Type", > "application/x-java-serialized-object"); > > > > out = new ObjectOutputStream (con.getOutputStream ()); > out.writeObject (obj); > out.flush (); > out.close (); > > in = con.getInputStream (); > > int status = con.getResponseCode(); > > // print the status > > // exception always occurs here. EOF on stream or > // invalid stream header... > result = new ObjectInputStream (in); > o = result.readObject (); > > > > The method call: > > int status = con.getResponseCode(); > > Always returns a status of HTTP_OK (200)! Why oh why can't I see a > status that indicates that the session has expired? :) Perhaps that the > user is no longer authenticated? > > Bueller? Bueller? :) > > If anyone can help I offer them a thousands thanks! > > -Dennis > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with detecting session timeout
in your servlet, you can do ... if ( session_has_timed_out) { response.setError(505,"Session has timed out"); return; } then in your applet, you can catch the 505, Filip Klotz Jr, Dennis wrote: Greetings to all. I hope everyone had a great weekend. :) I've run into a problem that I can't find any answers for and I am hopeful that one of you has the time to respond. Given: * Tomcat 5.5.15 * Applet using jvm 1.5 * An applet that has been sitting idle and tomcat has expired the session * User tries to click on an applet function that sends and requests a serialized object. Here is code from the APPLET I'm trying to use. This applet code (run inside a browser) always receives a status of HTTP_OK (200)! Any ideas why? From what I can tell, tomcat is trying to send the user to the forms based login but that never happens since the applet has control of the browser... URL servlet = ; HttpURLConnection con = (HttpURLConnection)servlet.openConnection (); con.setDoInput (true); con.setDoOutput (true); con.setUseCaches (false); con.setRequestProperty ("Content-Type", "application/x-java-serialized-object"); out = new ObjectOutputStream (con.getOutputStream ()); out.writeObject (obj); out.flush (); out.close (); in = con.getInputStream (); int status = con.getResponseCode(); // print the status // exception always occurs here. EOF on stream or // invalid stream header... result = new ObjectInputStream (in); o = result.readObject (); The method call: int status = con.getResponseCode(); Always returns a status of HTTP_OK (200)! Why oh why can't I see a status that indicates that the session has expired? :) Perhaps that the user is no longer authenticated? Bueller? Bueller? :) If anyone can help I offer them a thousands thanks! -Dennis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Help with detecting session timeout
Greetings to all. I hope everyone had a great weekend. :) I've run into a problem that I can't find any answers for and I am hopeful that one of you has the time to respond. Given: * Tomcat 5.5.15 * Applet using jvm 1.5 * An applet that has been sitting idle and tomcat has expired the session * User tries to click on an applet function that sends and requests a serialized object. Here is code from the APPLET I'm trying to use. This applet code (run inside a browser) always receives a status of HTTP_OK (200)! Any ideas why? From what I can tell, tomcat is trying to send the user to the forms based login but that never happens since the applet has control of the browser... URL servlet = ; HttpURLConnection con = (HttpURLConnection)servlet.openConnection (); con.setDoInput (true); con.setDoOutput (true); con.setUseCaches (false); con.setRequestProperty ("Content-Type", "application/x-java-serialized-object"); out = new ObjectOutputStream (con.getOutputStream ()); out.writeObject (obj); out.flush (); out.close (); in = con.getInputStream (); int status = con.getResponseCode(); // print the status // exception always occurs here. EOF on stream or // invalid stream header... result = new ObjectInputStream (in); o = result.readObject (); The method call: int status = con.getResponseCode(); Always returns a status of HTTP_OK (200)! Why oh why can't I see a status that indicates that the session has expired? :) Perhaps that the user is no longer authenticated? Bueller? Bueller? :) If anyone can help I offer them a thousands thanks! -Dennis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with detecting session timeout
From an applet? There probably is no easy answer... any solution would involve either polling the server from the servlet, or pushing the status out to the servlet... the later should be doable from a SessionListener... record the remote IP when the session is created, and send a ping to it when the session expires. The problem with that though is when NAT and other address translation techniques get involved, there's a good chance it won't work. That's why polling is the more usual solution in situations like this. Frank Klotz Jr, Dennis wrote: Is there an easy way to detect that a session has timed out from within an applet? Regards, -Dennis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Help with detecting session timeout
Is there an easy way to detect that a session has timed out from within an applet? Regards, -Dennis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]