RE: Help with detecting session timeout

Mon, 20 Feb 2006 09:45:22 -0800 

Filip,

Perhaps we have different web.xml deployments in mind...

In my case the code you suggested never gets called once the tomcat
session is expired.

Here are snippets from my web.xml:

<snip>

    <servlet>
        <servlet-name>CallQServlet</servlet-name>
 
<servlet-class>com.xyz.hm.callq.server.CallQServlet</servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>false</param-value>
        </init-param>
    </servlet>

    <servlet-mapping>
        <servlet-name>CallQServlet</servlet-name>
        <url-pattern>/servlet/CallQServlet</url-pattern>
    </servlet-mapping>

<snip>

    <security-constraint>
        <display-name>My Product Name</display-name>
        <web-resource-collection>
            <web-resource-name>some name</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>acme_tier1</role-name>
            <role-name>acme_guest</role-name>
            <role-name>acme_admin</role-name>
            <role-name>acme_tier3</role-name>
        </auth-constraint>

        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

<snip>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Acme Product Name</realm-name>
        <form-login-config>
            <form-login-page>/XMSLogin.jsp</form-login-page>
            <form-error-page>/error_401.html</form-error-page>
        </form-login-config>
    </login-config>
    <!-- SECURITY ROLES -->
    <security-role>
        <description>Normal User of the Mycompany product</description>
        <role-name>acme_tier3</role-name>
    </security-role>
    <security-role>
        <description>Normal User of the Mycompany product </description>
        <role-name>acme_guest</role-name>
    </security-role>
    <security-role>
        <description>Administrator of the Mycompany product
</description>
        <role-name>acme_admin</role-name>
    </security-role>
    <security-role>
        <description>Tier1 User of the Mycompany product </description>
        <role-name>acme_tier1</role-name>
    </security-role>
</web-app>

And at the top of CallQServlet.java's doGet():

    System.out.println (this.getClass ().getName () + " : INFO :
entering doGet()");
    System.out.println (this.getClass ().getName () + " : INFO : Request
toString():" + req.toString ());
                
    if ((session = req.getSession (false)) == null)
    {
        System.out.println (this.getClass ().getName () + " : WARNING :
getSession() failed !");
        res.sendError(505, "No session available on the server");
        return;
    }

Once the session expires... this code never gets called by tomcat. So I
am not really sure what you are thinking about?

-Dennis

-----Original Message-----
From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 20, 2006 11:46 AM
To: Tomcat Users List
Subject: Re: Help with detecting session timeout

no, that is not true, this could be your servlet (note, this assumes 
your session was created by another JSP/servlet.
note, you can also do request.getSession().isNew() and so on,

public void service(HttpServletRequest req, HttpServletResponse resp) 
throws ServletException {
    if ( req.getSession(false) == null ) {
        resp.sendError(505, "No session available on the server");
        return;

    } else {
       //execute code

  }
}

Klotz Jr, Dennis wrote:
> Thanks Filip.
>
> Please correct me if I am wrong...
>
> Isn't it the case that if the session expires, the client cannot
access
> any of the servlets within my webapp? Therefore, the response you set
> would never be seen by the clients applet. 
>
> So I how your code would ever work?
>
> Thanks again for responding.
>
> -Dennis
>
>
> -----Original Message-----
> From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] 
> Sent: Monday, February 20, 2006 11:24 AM
> To: Tomcat Users List
> Subject: Re: Help with detecting session timeout
>
> in your servlet, you can do
>
> ...
> if ( session_has_timed_out) {
>   response.setError(505,"Session has timed out");
>   return;
> }
> ....
>
> then in your applet, you can catch the 505,
>
> Filip
>
>
> Klotz Jr, Dennis wrote:
>   
>> Greetings to all.
>>
>> I hope everyone had a great weekend. :) I've run into a problem that
I
>> can't find any answers for and I am hopeful that one of you has the
>>     
> time
>   
>> to respond.
>>
>> Given:
>> * Tomcat 5.5.15
>> * Applet using jvm 1.5
>> * An applet that has been sitting idle and tomcat has expired the
>> session
>> * User tries to click on an applet function that sends and requests a
>> serialized object.
>>
>> Here is code from the APPLET I'm trying to use. This applet code (run
>> inside a browser) always receives a status of HTTP_OK (200)! Any
ideas
>> why? From what I can tell, tomcat is trying to send the user to the
>> forms based login but that never happens since the applet has control
>>     
> of
>   
>> the browser...
>>
>>     URL servlet = <set to a servlet URL>;
>>
>>     <snip>
>>
>>     HttpURLConnection con = (HttpURLConnection)servlet.openConnection
>> ();
>>
>>     con.setDoInput (true);
>>     con.setDoOutput (true);
>>     con.setUseCaches (false);
>>     con.setRequestProperty ("Content-Type",
>>           "application/x-java-serialized-object");
>>
>>     <snip>
>>
>>     out = new ObjectOutputStream (con.getOutputStream ());
>>     out.writeObject (obj);
>>     out.flush ();
>>     out.close ();
>>            
>>     in = con.getInputStream ();
>>
>>     int status = con.getResponseCode();
>>
>>     <snip> // print the status
>>
>>     // exception always occurs here. EOF on stream or
>>     // invalid stream header... 
>>     result = new ObjectInputStream (in);
>>     o = result.readObject ();
>>
>>     <return the object to caller>
>>
>> The method call:
>>
>>     int status = con.getResponseCode();
>>
>> Always returns a status of HTTP_OK (200)! Why oh why can't I see a
>> status that indicates that the session has expired? :) Perhaps that
>>     
> the
>   
>> user is no longer authenticated? 
>>
>> Bueller? Bueller? :)
>>
>> If anyone can help I offer them a thousands thanks!
>>
>> -Dennis
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>   
>>     
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to