tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wade Chandler <hwadechandler-apa...@yahoo.com>
Subject Re: Help with detecting session timeout
Date Mon, 20 Feb 2006 17:29:01 GMT
--- "Klotz Jr, Dennis" <DKlotz@empirix.com> wrote:

> Greetings to all.
> 
> I hope everyone had a great weekend. :) I've run
> into a problem that I
> can't find any answers for and I am hopeful that one
> of you has the time
> to respond.
> 
> Given:
> * Tomcat 5.5.15
> * Applet using jvm 1.5
> * An applet that has been sitting idle and tomcat
> has expired the
> session
> * User tries to click on an applet function that
> sends and requests a
> serialized object.
> 
> Here is code from the APPLET I'm trying to use. This
> applet code (run
> inside a browser) always receives a status of
> HTTP_OK (200)! Any ideas
> why? From what I can tell, tomcat is trying to send
> the user to the
> forms based login but that never happens since the
> applet has control of
> the browser...
> 
>     URL servlet = <set to a servlet URL>;
> 
>     <snip>
> 
>     HttpURLConnection con =
> (HttpURLConnection)servlet.openConnection
> ();
> 
>     con.setDoInput (true);
>     con.setDoOutput (true);
>     con.setUseCaches (false);
>     con.setRequestProperty ("Content-Type",
>           "application/x-java-serialized-object");
> 
>     <snip>
> 
>     out = new ObjectOutputStream
> (con.getOutputStream ());
>     out.writeObject (obj);
>     out.flush ();
>     out.close ();
>            
>     in = con.getInputStream ();
> 
>     int status = con.getResponseCode();
> 
>     <snip> // print the status
> 
>     // exception always occurs here. EOF on stream
> or
>     // invalid stream header... 
>     result = new ObjectInputStream (in);
>     o = result.readObject ();
> 
>     <return the object to caller>
> 
> The method call:
> 
>     int status = con.getResponseCode();
> 
> Always returns a status of HTTP_OK (200)! Why oh why
> can't I see a
> status that indicates that the session has expired?
> :) Perhaps that the
> user is no longer authenticated? 
> 
> Bueller? Bueller? :)
> 
> If anyone can help I offer them a thousands thanks!
> 
> -Dennis
> 
It's not an error that your session has timed out and
apparently you want the user to see the login if using
a browser.  So, it is valid you are getting a status
200 as you are trying to show the user a valid page
using form login.  So, the browser needs 200 to know
it didn't get an error and should show the form. 
Basically you need to either check your return in the
applet to see if it gets back HTML (possibly could
even use different content types for your normal
applet information so you can check the content type
of the HTTP return) or what you expect and maybe place
a tag in your meta section (custom tag) which you can
parse out to tell if you need to have the user
re-login.  If you don't do something like this you're
going to have to implement your own security.  You can
do this using a Filter and implement your own security
polciies and even implement form logins.

Wade

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message