You're going to have a tough time knowing whether a person isn't
authenticated because they 1) haven't logged in yet or 2) their
session timed out. I'd recommend use of a (session) cookie to help
detect that. It's the only way I can think of.
Basically, the scenario is:
- User logs in
- System validates credentials
- If user is validated, create a cookie that tracks them
- User does stuff and sits there idle like a bump on a log
- Session times out
- User requests resource
- System notices they don't have a session, but that the cookie is there
- System knows the user was logged in and timed out
No amount of keeping things up-to-date in the session is going to help
you in the case of a timeout. You grab the current action and stick
it in a cookie though. I can't think of another way to get the
functionality you're looking for.
Good Luck!
Eddie
HTH - Didn't see it in your write-up. Maybe I didn't read between the
lines thoroughly enough.
On Tue, 11 Jan 2005 11:15:34 -0500, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>
>
> I have two situations I am trying to address with one generic solution:
>
> 1) For every update action, I had to maintain two separate "result
> confirmation" JSPs, one stating "Update Successful" and one "Updated failed
> due to system error. Try again later." (must be a system error, as any
> data validation errors would have been returned to original data entry
> JSP.) Each of these also has a button with a unique link to take it to the
> appropriate action to build what should be the next view for that user (I
> want to be able to bounce them back to a page that was most recent or
> appropriate for where they were in the application.)
>
> 2) On session timeout, I want to bounce the user to a login page, then
> bring them back to the page/action they were attempting to go to, or the
> most appropriate location, based on the application knowing only the user
> id of the user and no other context.
>
> If you could review my plan below and let me know if it is sound from a
> Struts perspective OR whether there are Struts best practices to accomplish
> the same thing in a more elegant way, that would be great. I am pretty
> sure there is a bug in how I propose using the various session attributes
> below, but please don't worry with that - I'll sort it out when I
> implement. I am really seeking an opinion on the overall approach.
> Thanks!
>
> MY PLAN:
>
> Keep three attributes in the session object up to date at all times:
> a) previousAction - the most recent action completed by the user
> b) currentAction - the next action the user was attempting when the
> error or session timeout occurred
> c) nextAction - the next action that should be invoked after a
> successful action (ONLY after successful actions)
> c) previousActionResult - the message to be displayed on
> actionResult.jsp (after ALL update actions, whether successful, failed, or
> timed-out)
>
> Pseudo-code for a session timeout scenario:
>
> User is on ChangePasswordDef and presses button to process change with
> ChangePasswordAction
>
> AuthenticationFilter (this is a filter that precedes ALL actions. It
> checks authority of the user to execute the action, logs that the user
> executed the action, and looks for session timeout)
>     set previousAction = currentAction (no longer prev action. In fact,
>     null in this scenario.)
>     set currentAction = ChangePassword
>     If new session (session timed out before this action)
>         set previousActionResult = "...inactive too long..."
>         forward to actionResult.jsp
>
> actionResult.jsp
>     display previousActionResult
>     render OK button to go to GoToLoginAction
>
> GoToLoginAction
>     forward to LoginDef (Tiles)
>
> LoginDef
>     invoke LoginAction
>
> LoginAction
>     process login successfully
>     If currentAction != null
>         forward to actionResultAction
>
> actionResultAction
>     If currentAction = "ChangePassword"
>         forward to ChangePasswordAction
>
> AuthenticationFilter
>     pass authorization check and do not detect session timeout
>     if current action != previousAction
>         set previousAction = BuildHomeViewAction
>         currentAction = ChangePassword
>
> ChangePasswordAction
>     (finally where the user wanted to be!)
--
Eddie Bush
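
The marker-cookie scenario from the reply above, sketched as a servlet filter. This is an added example, not code from either poster; it assumes Servlet API 4.0 (`javax.servlet`) on Java 9+, and the `.do` paths, the `wasLoggedIn` cookie name and the `userId` session attribute are hypothetical. The cookie is treated only as a hint that a session once existed, and the page to return to is checked against an allow-list because it travels through the browser.

```java
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example, not code from the thread. Paths, cookie and attribute names are assumptions.
public class TimeoutAwareFilter implements Filter {
    static final String MARKER = "wasLoggedIn";
    static final String HOME = "/BuildHomeView.do";
    static final Set<String> PUBLIC = Set.of("/GoToLogin.do", "/Login.do");
    // Only idempotent views may be resumed; a timed-out update is never replayed.
    static final Set<String> RESUMABLE = Set.of(HOME, "/ChangePasswordForm.do");

    // returnTo comes back from the browser, so the login action re-checks it here.
    static String safeTarget(String requested) {
        return requested != null && RESUMABLE.contains(requested) ? requested : HOME;
    }

    // Call from the login action once the credentials have been validated.
    static void markLoggedIn(HttpServletRequest req, HttpServletResponse res, String userId) {
        if (req.getSession(false) != null) req.changeSessionId(); // fresh id after login
        req.getSession().setAttribute("userId", userId);
        Cookie c = new Cookie(MARKER, "1");   // a hint only: no identity, no privilege
        c.setHttpOnly(true);
        c.setSecure(true);                    // assumes the application is served over HTTPS
        c.setPath(req.getContextPath().isEmpty() ? "/" : req.getContextPath());
        res.addCookie(c);                     // no max-age: dropped when the browser closes
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession s = req.getSession(false);   // never create a session just to look
        boolean authenticated = s != null && s.getAttribute("userId") != null;
        if (authenticated || PUBLIC.contains(req.getServletPath())) {
            chain.doFilter(rq, rs);
            return;
        }
        boolean timedOut = false;                // marker present, session gone: timed out
        if (req.getCookies() != null)
            for (Cookie c : req.getCookies()) timedOut |= MARKER.equals(c.getName());
        String reason = timedOut ? "timeout" : "login";
        res.sendRedirect(req.getContextPath() + "/GoToLogin.do?reason=" + reason
                + "&returnTo=" + URLEncoder.encode(safeTarget(req.getServletPath()), "UTF-8"));
    }
}
```

The logout action should expire the marker (`setMaxAge(0)` on a cookie with the same name and path) so that an explicit logout is not later reported as a timeout.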