tomcat-users mailing list archives

From "COLE,GLENN (Non-HP-SantaClara,ex2)" <>
Subject detecting timeout (was: Session Problem)
Date Thu, 04 Jan 2001 21:36:34 GMT
Craig McClanahan writes:

>The strategy I follow is to store a username (or some User object) as a
>attribute when the user logs on, like this:
>    HttpSession session = request.getSession();
>    String username = ... whatever the username is ...
>    session.setAttribute("user", username);
>Now on every request, I can check very simply whether the user is logged on
>    HttpSession session = request.getSession();
>    String username = (String) session.getAttribute("user");
>    if (username == null) {
>        ... the user is *not* logged on ...
>    } else {
>       ... the user *is* logged on ...
>    }
>* If the user comes back before the session has timed out,
>  the "user" attribute will still be present.
>* If the session has timed out, a new session will be created
>  by the logic above -- but the "user" attribute will be missing
>  (because the user has not gone through your "login" yet).
>  Typically, you would redirect them to the login page here.

If the user tries to bookmark a page inside the application,
so they can return at a later date without signing on (a no-no),
the symptom appears the same.

So the question I had was:  how can I detect whether they tried this
"deep bookmark," or whether the session just timed out?

Thanks to the RequestHeaderExample servlet, I think I just found an
answer.  The header "referer" appears to be set when the page is accessed
from a link, and contains the full URI of the original page.  (The header
is not set if the new URI is entered directly.)

Thus, it appears the following will work (Apache 1.3.12 + Tomcat 3.2.1):

   String referer = request.getHeader( "referer" );
   if( referer == null  ||  referer.toUpperCase().indexOf( "X.COM" ) < 0 ) {
      ... deep bookmark ...
   } else {
      ... timeout ...
   }

Is there a better way?

--Glenn, who should probably lurk longer before asking
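
On the closing question: the Referer header is supplied by the client and may be absent or altered, so this added example (not part of the original message or of Tomcat) classifies the request from the container's session state instead. The names SessionStateCheck and State are hypothetical; it assumes the javax.servlet API is on the classpath and that login stores the "user" attribute as in the quoted code.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Added example (hypothetical class): tell "timed out" from "never had a session". */
public final class SessionStateCheck {

    public enum State { LOGGED_ON, TIMED_OUT, NO_SESSION }

    /** Pure decision logic, kept separate so it can be exercised without a container. */
    static State classify(String requestedId, boolean requestedIdValid, Object user) {
        if (requestedIdValid && user != null) {
            return State.LOGGED_ON;
        }
        if (requestedId != null && !requestedIdValid) {
            // The client presented a session id the container no longer
            // recognizes: the session expired or was invalidated.
            return State.TIMED_OUT;
        }
        // No session id was presented (bookmark, typed URL, fresh browser),
        // or the session is live but never went through login.
        return State.NO_SESSION;
    }

    public static State classify(HttpServletRequest request) {
        // getSession(false) avoids creating a new session as a side effect.
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");
        return classify(request.getRequestedSessionId(),
                        request.isRequestedSessionIdValid(),
                        user);
    }
}
```

The requested session id also comes from the client, so use the result only to choose which message to show; TIMED_OUT and NO_SESSION must both end at the login page.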
