tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From atroiano <atroi...@infomedica.it>
Subject Re: Tomcat Realm Auto-Relogin after Session-Timeout Problem
Date Fri, 18 Sep 2009 11:42:41 GMT


Thanks to Mark and Chris for all suggestions.
I thing that a will follow th Chris suggestion to re-architect my session.

I was attracted by this piece of code in

Re: Tomcat Realm Auto-Relogin after Session-Timeout Problem
lynckmeister
Wed, 11 Feb 2009 06:32:43 -0800

public class SessionTimeoutFilter implements Filter {

        private final Log logger = 
LogFactory.getLog(SessionTimeoutFilter.class);

        private String timeoutPage = "timeout.html";

        public void init(FilterConfig filterConfig) throws ServletException
{
        }

        public void doFilter(ServletRequest request, ServletResponse
response,
                        FilterChain filterChain) throws IOException, 
ServletException {

                if ((request instanceof HttpServletRequest)
                                && (response instanceof
HttpServletResponse)) {
                        HttpServletRequest httpServletRequest = 
(HttpServletRequest) request;
                        HttpServletResponse httpServletResponse = 
(HttpServletResponse) response;
                        
                        
                        // is session expired control required for this
request?
                        if 
(isSessionControlRequiredForThisResource(httpServletRequest)) {
                                String requestedID = 
httpServletRequest.getRequestedSessionId();
                                
                                // is session invalid?
                                HttpSession session = 
httpServletRequest.getSession();
                                String sID = session.getId();
                                String nochmalID = 
httpServletRequest.getQueryString();
                                
                                // ok this is allways false , means the
session 
is allways valid. sure
it is, but its a new one ! 
                                boolean isSessionInValid = (requestedID != 
null)&&
!httpServletRequest.isRequestedSessionIdValid();
                                Object testObject = 
session.getAttribute("ISVALID");
                                
                                // here I tried some things... the 
isSessionInValid flag doesnt help b/c
the session is allways valid
                                // the testObject is allways null b/c if the 
user comes from the
loginpage the user is not set in the first time
                                // with the code like this, we're allways 
redirected in an constant
loop.
                                // besides that I think redirection is not
the 
right way to handle , I
mean, 
                                // i feel the right solution would recognize 
that the session is not in
a proper state and than 
                                // delete the request wich allways causes in 
that crash. but how? and
wich restored information exactly is the wrong one ?
                                if (testObject == null /*&&
isSessionInValid*/ 
) {
                                        String timeoutUrl = 
httpServletRequest.getContextPath()
                                                        + "/" + 
getTimeoutPage();
                                        logger
                                                        .info("session is 
invalid! redirecting to timeoutpage : "
                                                                        + 
timeoutUrl);


and in particular:

                String requestedID =
httpServletRequest.getRequestedSessionId();
                                
                HttpSession session = httpServletRequest.getSession();
                String sID = session.getId();

so i thought that was possible to 'trigger' a re-logon after timeout plus
the reference of both expired session (requestedID) and new session (sID);
if there was a way to copy some attributes from the old session to the new
one i solved my problem.

But seems to me that the old session non more exists at this point of the
request flow. Is this true?

Alberto.

 

-- 
View this message in context: http://www.nabble.com/Re%3A-Tomcat-Realm-Auto-Relogin-after-Session-Timeout-Problem-tp25479941p25507329.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message