Return-Path: 
 <users-return-140895-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: (qmail 34835 invoked from network); 20 Feb 2006 17:29:42 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 20 Feb 2006 17:29:42 -0000
Received: (qmail 6266 invoked by uid 500); 20 Feb 2006 17:29:25 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 6193 invoked by uid 500); 20 Feb 2006 17:29:24 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 6161 invoked by uid 99); 20 Feb 2006 17:29:24 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 20 Feb 2006 09:29:24 -0800
X-ASF-Spam-Status: No, hits=1.4 required=10.0
	tests=DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_WHOIS
X-Spam-Check-By: apache.org
Received-SPF: pass (asf.osuosl.org: local policy)
Received: from [66.163.178.48] (HELO web33801.mail.mud.yahoo.com)
 (66.163.178.48)
    by apache.org (qpsmtpd/0.29) with SMTP; Mon, 20 Feb 2006 09:29:22 -0800
Received: (qmail 21190 invoked by uid 60001); 20 Feb 2006 17:29:01 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=QbCEXPzD2ERvSqzmQ3ZJoXmEk92Khn1uYy3LS+OzVwA5qfqfW31zzQeio7Xj1h2lePHcZIoxNbJmD0jJ7kiUg05o9yNsGYdy2CkS9FBsUAAermJpiyXKrbBlGEmmV5747YTVFrxxjkqXzfCUh9wjKlszco2asbjxTqWc4IC+uqw=
  ;
Message-ID: <20060220172901.21188.qmail@web33801.mail.mud.yahoo.com>
Received: from [69.1.58.6] by web33801.mail.mud.yahoo.com via HTTP;
 Mon, 20 Feb 2006 09:29:01 PST
Date: Mon, 20 Feb 2006 09:29:01 -0800 (PST)
From: Wade Chandler <hwadechandler-apache@yahoo.com>
Reply-To: hwadechandler-apache@yahoo.com
Subject: Re: Help with detecting session timeout
To: Tomcat Users List <users@tomcat.apache.org>
In-Reply-To: <BD261180E6D35F4D9D32F3E44FD3D901026C313F@EMPBEDEX.empirix.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

--- "Klotz Jr, Dennis" <DKlotz@empirix.com> wrote:

> Greetings to all.
> 
> I hope everyone had a great weekend. :) I've run
> into a problem that I
> can't find any answers for and I am hopeful that one
> of you has the time
> to respond.
> 
> Given:
> * Tomcat 5.5.15
> * Applet using jvm 1.5
> * An applet that has been sitting idle and tomcat
> has expired the
> session
> * User tries to click on an applet function that
> sends and requests a
> serialized object.
> 
> Here is code from the APPLET I'm trying to use. This
> applet code (run
> inside a browser) always receives a status of
> HTTP_OK (200)! Any ideas
> why? From what I can tell, tomcat is trying to send
> the user to the
> forms based login but that never happens since the
> applet has control of
> the browser...
> 
>     URL servlet = <set to a servlet URL>;
> 
>     <snip>
> 
>     HttpURLConnection con =
> (HttpURLConnection)servlet.openConnection
> ();
> 
>     con.setDoInput (true);
>     con.setDoOutput (true);
>     con.setUseCaches (false);
>     con.setRequestProperty ("Content-Type",
>           "application/x-java-serialized-object");
> 
>     <snip>
> 
>     out = new ObjectOutputStream
> (con.getOutputStream ());
>     out.writeObject (obj);
>     out.flush ();
>     out.close ();
>            
>     in = con.getInputStream ();
> 
>     int status = con.getResponseCode();
> 
>     <snip> // print the status
> 
>     // exception always occurs here. EOF on stream
> or
>     // invalid stream header... 
>     result = new ObjectInputStream (in);
>     o = result.readObject ();
> 
>     <return the object to caller>
> 
> The method call:
> 
>     int status = con.getResponseCode();
> 
> Always returns a status of HTTP_OK (200)! Why oh why
> can't I see a
> status that indicates that the session has expired?
> :) Perhaps that the
> user is no longer authenticated? 
> 
> Bueller? Bueller? :)
> 
> If anyone can help I offer them a thousands thanks!
> 
> -Dennis
> 
It's not an error that your session has timed out and
apparently you want the user to see the login if using
a browser.  So, it is valid you are getting a status
200 as you are trying to show the user a valid page
using form login.  So, the browser needs 200 to know
it didn't get an error and should show the form. 
Basically you need to either check your return in the
applet to see if it gets back HTML (possibly could
even use different content types for your normal
applet information so you can check the content type
of the HTTP return) or what you expect and maybe place
a tag in your meta section (custom tag) which you can
parse out to tell if you need to have the user
re-login.  If you don't do something like this you're
going to have to implement your own security.  You can
do this using a Filter and implement your own security
polciies and even implement form logins.

Wade

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org