Re: Help with detecting session timeout
Once the session expires... this code never gets called by tomcat. So I am not really sure what you are thinking about? -Dennis that is cause you have protected every single resource in your webapp and require login for that. hence, every single resource is bound by the session existing or not. in order for you to call (request.getSession(false)==null) that resource can not be protected by security constraints and required login information. Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help with detecting session timeout
Filip,
Perhaps we have different web.xml deployments in mind...
In my case the code you suggested never gets called once the tomcat
session is expired.
Here are snippets from my web.xml:
CallQServlet
com.xyz.hm.callq.server.CallQServlet
debug
false
CallQServlet
/servlet/CallQServlet
My Product Name
some name
/*
GET
POST
acme_tier1
acme_guest
acme_admin
acme_tier3
NONE
FORM
Acme Product Name
/XMSLogin.jsp
/error_401.html
Normal User of the Mycompany product
acme_tier3
Normal User of the Mycompany product
acme_guest
Administrator of the Mycompany product
acme_admin
Tier1 User of the Mycompany product
acme_tier1
And at the top of CallQServlet.java's doGet():
System.out.println (this.getClass ().getName () + " : INFO :
entering doGet()");
System.out.println (this.getClass ().getName () + " : INFO : Request
toString():" + req.toString ());
if ((session = req.getSession (false)) == null)
{
System.out.println (this.getClass ().getName () + " : WARNING :
getSession() failed !");
res.sendError(505, "No session available on the server");
return;
}
Once the session expires... this code never gets called by tomcat. So I
am not really sure what you are thinking about?
-Dennis
-Original Message-
From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED]
Sent: Monday, February 20, 2006 11:46 AM
To: Tomcat Users List
Subject: Re: Help with detecting session timeout
no, that is not true, this could be your servlet (note, this assumes
your session was created by another JSP/servlet.
note, you can also do request.getSession().isNew() and so on,
public void service(HttpServletRequest req, HttpServletResponse resp)
throws ServletException {
if ( req.getSession(false) == null ) {
resp.sendError(505, "No session available on the server");
return;
} else {
//execute code
}
}
Klotz Jr, Dennis wrote:
> Thanks Filip.
>
> Please correct me if I am wrong...
>
> Isn't it the case that if the session expires, the client cannot
access
> any of the servlets within my webapp? Therefore, the response you set
> would never be seen by the clients applet.
>
> So I how your code would ever work?
>
> Thanks again for responding.
>
> -Dennis
>
>
> -Original Message-
> From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 20, 2006 11:24 AM
> To: Tomcat Users List
> Subject: Re: Help with detecting session timeout
>
> in your servlet, you can do
>
> ...
> if ( session_has_timed_out) {
> response.setError(505,"Session has timed out");
> return;
> }
>
>
> then in your applet, you can catch the 505,
>
> Filip
>
>
> Klotz Jr, Dennis wrote:
>
>> Greetings to all.
>>
>> I hope everyone had a great weekend. :) I've run into a problem that
I
>> can't find any answers for and I am hopeful that one of you has the
>>
> time
>
>> to respond.
>>
>> Given:
>> * Tomcat 5.5.15
>> * Applet using jvm 1.5
>> * An applet that has been sitting idle and tomcat has expired the
>> session
>> * User tries to click on an applet function that sends and requests a
>> serialized object.
>>
>> Here is code from the APPLET I'm trying to use. This applet code (run
>> inside a browser) always receives a status of HTTP_OK (200)! Any
ideas
>> why? From what I can tell, tomcat is trying to send the user to the
>> forms based login but that never happens since the applet has control
>>
> of
>
>> the browser...
>>
>> URL servlet = ;
>>
>>
>>
>> HttpURLConnection con = (HttpURLConnection)servlet.openConnection
>> ();
>>
>> con.setDoInput (true);
>> con.setDoOutput (true);
>> con.setUseCaches (false);
>> con.setRequestProperty ("Content-Type",
>> "application/x-java-serialized-object");
>>
>>
>>
>> out = new ObjectOutputStream (con.getOutputStream ());
>> out.writeObject (obj);
>> out.flush ();
>> out.close ();
>>
>> in = con.getInputStream ();
>>
>> int status = con.getResponseCode();
Re: Help with detecting session timeout
--- "Klotz Jr, Dennis" <[EMAIL PROTECTED]> wrote:
> Greetings to all.
>
> I hope everyone had a great weekend. :) I've run
> into a problem that I
> can't find any answers for and I am hopeful that one
> of you has the time
> to respond.
>
> Given:
> * Tomcat 5.5.15
> * Applet using jvm 1.5
> * An applet that has been sitting idle and tomcat
> has expired the
> session
> * User tries to click on an applet function that
> sends and requests a
> serialized object.
>
> Here is code from the APPLET I'm trying to use. This
> applet code (run
> inside a browser) always receives a status of
> HTTP_OK (200)! Any ideas
> why? From what I can tell, tomcat is trying to send
> the user to the
> forms based login but that never happens since the
> applet has control of
> the browser...
>
> URL servlet = ;
>
>
>
> HttpURLConnection con =
> (HttpURLConnection)servlet.openConnection
> ();
>
> con.setDoInput (true);
> con.setDoOutput (true);
> con.setUseCaches (false);
> con.setRequestProperty ("Content-Type",
> "application/x-java-serialized-object");
>
>
>
> out = new ObjectOutputStream
> (con.getOutputStream ());
> out.writeObject (obj);
> out.flush ();
> out.close ();
>
> in = con.getInputStream ();
>
> int status = con.getResponseCode();
>
> // print the status
>
> // exception always occurs here. EOF on stream
> or
> // invalid stream header...
> result = new ObjectInputStream (in);
> o = result.readObject ();
>
>
>
> The method call:
>
> int status = con.getResponseCode();
>
> Always returns a status of HTTP_OK (200)! Why oh why
> can't I see a
> status that indicates that the session has expired?
> :) Perhaps that the
> user is no longer authenticated?
>
> Bueller? Bueller? :)
>
> If anyone can help I offer them a thousands thanks!
>
> -Dennis
>
It's not an error that your session has timed out and
apparently you want the user to see the login if using
a browser. So, it is valid you are getting a status
200 as you are trying to show the user a valid page
using form login. So, the browser needs 200 to know
it didn't get an error and should show the form.
Basically you need to either check your return in the
applet to see if it gets back HTML (possibly could
even use different content types for your normal
applet information so you can check the content type
of the HTTP return) or what you expect and maybe place
a tag in your meta section (custom tag) which you can
parse out to tell if you need to have the user
re-login. If you don't do something like this you're
going to have to implement your own security. You can
do this using a Filter and implement your own security
polciies and even implement form logins.
Wade
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with detecting session timeout
no, that is not true, this could be your servlet (note, this assumes
your session was created by another JSP/servlet.
note, you can also do request.getSession().isNew() and so on,
public void service(HttpServletRequest req, HttpServletResponse resp)
throws ServletException {
if ( req.getSession(false) == null ) {
resp.sendError(505, "No session available on the server");
return;
} else {
//execute code
}
}
Klotz Jr, Dennis wrote:
Thanks Filip.
Please correct me if I am wrong...
Isn't it the case that if the session expires, the client cannot access
any of the servlets within my webapp? Therefore, the response you set
would never be seen by the clients applet.
So I how your code would ever work?
Thanks again for responding.
-Dennis
-Original Message-
From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED]
Sent: Monday, February 20, 2006 11:24 AM
To: Tomcat Users List
Subject: Re: Help with detecting session timeout
in your servlet, you can do
...
if ( session_has_timed_out) {
response.setError(505,"Session has timed out");
return;
}
then in your applet, you can catch the 505,
Filip
Klotz Jr, Dennis wrote:
Greetings to all.
I hope everyone had a great weekend. :) I've run into a problem that I
can't find any answers for and I am hopeful that one of you has the
time
to respond.
Given:
* Tomcat 5.5.15
* Applet using jvm 1.5
* An applet that has been sitting idle and tomcat has expired the
session
* User tries to click on an applet function that sends and requests a
serialized object.
Here is code from the APPLET I'm trying to use. This applet code (run
inside a browser) always receives a status of HTTP_OK (200)! Any ideas
why? From what I can tell, tomcat is trying to send the user to the
forms based login but that never happens since the applet has control
of
the browser...
URL servlet = ;
HttpURLConnection con = (HttpURLConnection)servlet.openConnection
();
con.setDoInput (true);
con.setDoOutput (true);
con.setUseCaches (false);
con.setRequestProperty ("Content-Type",
"application/x-java-serialized-object");
out = new ObjectOutputStream (con.getOutputStream ());
out.writeObject (obj);
out.flush ();
out.close ();
in = con.getInputStream ();
int status = con.getResponseCode();
// print the status
// exception always occurs here. EOF on stream or
// invalid stream header...
result = new ObjectInputStream (in);
o = result.readObject ();
The method call:
int status = con.getResponseCode();
Always returns a status of HTTP_OK (200)! Why oh why can't I see a
status that indicates that the session has expired? :) Perhaps that
the
user is no longer authenticated?
Bueller? Bueller? :)
If anyone can help I offer them a thousands thanks!
-Dennis
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help with detecting session timeout
Thanks Filip.
Please correct me if I am wrong...
Isn't it the case that if the session expires, the client cannot access
any of the servlets within my webapp? Therefore, the response you set
would never be seen by the clients applet.
So I how your code would ever work?
Thanks again for responding.
-Dennis
-Original Message-
From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED]
Sent: Monday, February 20, 2006 11:24 AM
To: Tomcat Users List
Subject: Re: Help with detecting session timeout
in your servlet, you can do
...
if ( session_has_timed_out) {
response.setError(505,"Session has timed out");
return;
}
then in your applet, you can catch the 505,
Filip
Klotz Jr, Dennis wrote:
> Greetings to all.
>
> I hope everyone had a great weekend. :) I've run into a problem that I
> can't find any answers for and I am hopeful that one of you has the
time
> to respond.
>
> Given:
> * Tomcat 5.5.15
> * Applet using jvm 1.5
> * An applet that has been sitting idle and tomcat has expired the
> session
> * User tries to click on an applet function that sends and requests a
> serialized object.
>
> Here is code from the APPLET I'm trying to use. This applet code (run
> inside a browser) always receives a status of HTTP_OK (200)! Any ideas
> why? From what I can tell, tomcat is trying to send the user to the
> forms based login but that never happens since the applet has control
of
> the browser...
>
> URL servlet = ;
>
>
>
> HttpURLConnection con = (HttpURLConnection)servlet.openConnection
> ();
>
> con.setDoInput (true);
> con.setDoOutput (true);
> con.setUseCaches (false);
> con.setRequestProperty ("Content-Type",
> "application/x-java-serialized-object");
>
>
>
> out = new ObjectOutputStream (con.getOutputStream ());
> out.writeObject (obj);
> out.flush ();
> out.close ();
>
> in = con.getInputStream ();
>
> int status = con.getResponseCode();
>
> // print the status
>
> // exception always occurs here. EOF on stream or
> // invalid stream header...
> result = new ObjectInputStream (in);
> o = result.readObject ();
>
>
>
> The method call:
>
> int status = con.getResponseCode();
>
> Always returns a status of HTTP_OK (200)! Why oh why can't I see a
> status that indicates that the session has expired? :) Perhaps that
the
> user is no longer authenticated?
>
> Bueller? Bueller? :)
>
> If anyone can help I offer them a thousands thanks!
>
> -Dennis
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with detecting session timeout
in your servlet, you can do
...
if ( session_has_timed_out) {
response.setError(505,"Session has timed out");
return;
}
then in your applet, you can catch the 505,
Filip
Klotz Jr, Dennis wrote:
Greetings to all.
I hope everyone had a great weekend. :) I've run into a problem that I
can't find any answers for and I am hopeful that one of you has the time
to respond.
Given:
* Tomcat 5.5.15
* Applet using jvm 1.5
* An applet that has been sitting idle and tomcat has expired the
session
* User tries to click on an applet function that sends and requests a
serialized object.
Here is code from the APPLET I'm trying to use. This applet code (run
inside a browser) always receives a status of HTTP_OK (200)! Any ideas
why? From what I can tell, tomcat is trying to send the user to the
forms based login but that never happens since the applet has control of
the browser...
URL servlet = ;
HttpURLConnection con = (HttpURLConnection)servlet.openConnection
();
con.setDoInput (true);
con.setDoOutput (true);
con.setUseCaches (false);
con.setRequestProperty ("Content-Type",
"application/x-java-serialized-object");
out = new ObjectOutputStream (con.getOutputStream ());
out.writeObject (obj);
out.flush ();
out.close ();
in = con.getInputStream ();
int status = con.getResponseCode();
// print the status
// exception always occurs here. EOF on stream or
// invalid stream header...
result = new ObjectInputStream (in);
o = result.readObject ();
The method call:
int status = con.getResponseCode();
Always returns a status of HTTP_OK (200)! Why oh why can't I see a
status that indicates that the session has expired? :) Perhaps that the
user is no longer authenticated?
Bueller? Bueller? :)
If anyone can help I offer them a thousands thanks!
-Dennis
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Help with detecting session timeout
Greetings to all.
I hope everyone had a great weekend. :) I've run into a problem that I
can't find any answers for and I am hopeful that one of you has the time
to respond.
Given:
* Tomcat 5.5.15
* Applet using jvm 1.5
* An applet that has been sitting idle and tomcat has expired the
session
* User tries to click on an applet function that sends and requests a
serialized object.
Here is code from the APPLET I'm trying to use. This applet code (run
inside a browser) always receives a status of HTTP_OK (200)! Any ideas
why? From what I can tell, tomcat is trying to send the user to the
forms based login but that never happens since the applet has control of
the browser...
URL servlet = ;
HttpURLConnection con = (HttpURLConnection)servlet.openConnection
();
con.setDoInput (true);
con.setDoOutput (true);
con.setUseCaches (false);
con.setRequestProperty ("Content-Type",
"application/x-java-serialized-object");
out = new ObjectOutputStream (con.getOutputStream ());
out.writeObject (obj);
out.flush ();
out.close ();
in = con.getInputStream ();
int status = con.getResponseCode();
// print the status
// exception always occurs here. EOF on stream or
// invalid stream header...
result = new ObjectInputStream (in);
o = result.readObject ();
The method call:
int status = con.getResponseCode();
Always returns a status of HTTP_OK (200)! Why oh why can't I see a
status that indicates that the session has expired? :) Perhaps that the
user is no longer authenticated?
Bueller? Bueller? :)
If anyone can help I offer them a thousands thanks!
-Dennis
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with detecting session timeout
From an applet? There probably is no easy answer... any solution would involve either polling the server from the servlet, or pushing the status out to the servlet... the later should be doable from a SessionListener... record the remote IP when the session is created, and send a ping to it when the session expires. The problem with that though is when NAT and other address translation techniques get involved, there's a good chance it won't work. That's why polling is the more usual solution in situations like this. Frank Klotz Jr, Dennis wrote: Is there an easy way to detect that a session has timed out from within an applet? Regards, -Dennis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Help with detecting session timeout
Is there an easy way to detect that a session has timed out from within an applet? Regards, -Dennis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
