Filip, Perhaps we have different web.xml deployments in mind...
In my case the code you suggested never gets called once the tomcat session is expired. Here are snippets from my web.xml: <snip> <servlet> <servlet-name>CallQServlet</servlet-name> <servlet-class>com.xyz.hm.callq.server.CallQServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>false</param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>CallQServlet</servlet-name> <url-pattern>/servlet/CallQServlet</url-pattern> </servlet-mapping> <snip> <security-constraint> <display-name>My Product Name</display-name> <web-resource-collection> <web-resource-name>some name</web-resource-name> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>acme_tier1</role-name> <role-name>acme_guest</role-name> <role-name>acme_admin</role-name> <role-name>acme_tier3</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <snip> <login-config> <auth-method>FORM</auth-method> <realm-name>Acme Product Name</realm-name> <form-login-config> <form-login-page>/XMSLogin.jsp</form-login-page> <form-error-page>/error_401.html</form-error-page> </form-login-config> </login-config> <!-- SECURITY ROLES --> <security-role> <description>Normal User of the Mycompany product</description> <role-name>acme_tier3</role-name> </security-role> <security-role> <description>Normal User of the Mycompany product </description> <role-name>acme_guest</role-name> </security-role> <security-role> <description>Administrator of the Mycompany product </description> <role-name>acme_admin</role-name> </security-role> <security-role> <description>Tier1 User of the Mycompany product </description> <role-name>acme_tier1</role-name> </security-role> </web-app> And at the top of CallQServlet.java's doGet(): System.out.println (this.getClass ().getName () + " : INFO : entering doGet()"); System.out.println (this.getClass ().getName () + " : INFO : Request toString():" + req.toString ()); if ((session = req.getSession (false)) == null) { System.out.println (this.getClass ().getName () + " : WARNING : getSession() failed !"); res.sendError(505, "No session available on the server"); return; } Once the session expires... this code never gets called by tomcat. So I am not really sure what you are thinking about? -Dennis -----Original Message----- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Monday, February 20, 2006 11:46 AM To: Tomcat Users List Subject: Re: Help with detecting session timeout no, that is not true, this could be your servlet (note, this assumes your session was created by another JSP/servlet. note, you can also do request.getSession().isNew() and so on, public void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException { if ( req.getSession(false) == null ) { resp.sendError(505, "No session available on the server"); return; } else { //execute code } } Klotz Jr, Dennis wrote: > Thanks Filip. > > Please correct me if I am wrong... > > Isn't it the case that if the session expires, the client cannot access > any of the servlets within my webapp? Therefore, the response you set > would never be seen by the clients applet. > > So I how your code would ever work? > > Thanks again for responding. > > -Dennis > > > -----Original Message----- > From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] > Sent: Monday, February 20, 2006 11:24 AM > To: Tomcat Users List > Subject: Re: Help with detecting session timeout > > in your servlet, you can do > > ... > if ( session_has_timed_out) { > response.setError(505,"Session has timed out"); > return; > } > .... > > then in your applet, you can catch the 505, > > Filip > > > Klotz Jr, Dennis wrote: > >> Greetings to all. >> >> I hope everyone had a great weekend. :) I've run into a problem that I >> can't find any answers for and I am hopeful that one of you has the >> > time > >> to respond. >> >> Given: >> * Tomcat 5.5.15 >> * Applet using jvm 1.5 >> * An applet that has been sitting idle and tomcat has expired the >> session >> * User tries to click on an applet function that sends and requests a >> serialized object. >> >> Here is code from the APPLET I'm trying to use. This applet code (run >> inside a browser) always receives a status of HTTP_OK (200)! Any ideas >> why? From what I can tell, tomcat is trying to send the user to the >> forms based login but that never happens since the applet has control >> > of > >> the browser... >> >> URL servlet = <set to a servlet URL>; >> >> <snip> >> >> HttpURLConnection con = (HttpURLConnection)servlet.openConnection >> (); >> >> con.setDoInput (true); >> con.setDoOutput (true); >> con.setUseCaches (false); >> con.setRequestProperty ("Content-Type", >> "application/x-java-serialized-object"); >> >> <snip> >> >> out = new ObjectOutputStream (con.getOutputStream ()); >> out.writeObject (obj); >> out.flush (); >> out.close (); >> >> in = con.getInputStream (); >> >> int status = con.getResponseCode(); >> >> <snip> // print the status >> >> // exception always occurs here. EOF on stream or >> // invalid stream header... >> result = new ObjectInputStream (in); >> o = result.readObject (); >> >> <return the object to caller> >> >> The method call: >> >> int status = con.getResponseCode(); >> >> Always returns a status of HTTP_OK (200)! Why oh why can't I see a >> status that indicates that the session has expired? :) Perhaps that >> > the > >> user is no longer authenticated? >> >> Bueller? Bueller? :) >> >> If anyone can help I offer them a thousands thanks! >> >> -Dennis >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]