Today | RSS | RDF | Atom | Other
 
Advanced Search
Gregg's Weblog
Java Notes From My Desktop

Tags - Categories : All | Articles | Book Reviews | CSS | Java | Javaranch | Javascript | News | Opengl | Opinions | Personal | php
July 2007
SunMonTueWedThuFriSat
 1  2  3  4  5  6  7 
 8  9  10  11  12  13  14 
 15  16  17  18  19  20  21 
 22  23  24  25  26  27  28 
 29  30  31     
Jun  |  Today  |  Aug



Check me out!
LinkedIn

Recent Blog Entries

Recent Responses
Parameterized JSF Facelets Validators


Re: Stripes and JSF: A Brief Comparison

Permalink
[Opinions] [Java] [Javascript] [Javaranch] Session Timeout and AJAX

I doubt what I am about to write is new. In fact, I drudged up bits and pieces all over the internet from searches and kind of combined a few approaches into my own. So if you are reading this and you say to yourself "Hey, I came up with that" then I thank you. But hopefully someone can gain from this anyway.

One of the few things I despise about AJAX is handling session timeouts. Nothing about it is very graceful and my solution doesn't improve on that. However, it is simple and easy. Basically, the problem is that when a web applications session times out we typically want to redirect the user to the login page. I do this in Stripes using an Interceptor but you can think of that as a Filter or what have you. Basically, something on the server side is checking to see if the session has timed out and redirecting the request appropriately. Something kind of like this 

if ( user == null && servletPath.startsWith("/admin"))
{
    executionContext.getActionBeanContext().getMessages().add( new LocalizableMessage( "/AdminLogin.action.notLoggedIn" ) );
    return new ForwardResolution( AdminLoginActionBean.class );
}

if ( user == null && servletPath.startsWith("/advisor"))
{
    executionContext.getActionBeanContext().getMessages().add( new LocalizableMessage( "/AdvisorLogin.action.notLoggedIn" ) );
    return new ForwardResolution( AdvisorLoginActionBean.class );
}

In order to get AJAX requests to change the browser location you have to rely on JavaScript, sad to say. What I do is I add 'ajax=' as a parameter to all my AJAX requests. In my Interceptor/Filter I look for this parameter. If I find it and the session has timed out, I change the HttpServletResponse.status to 403 

if (map.containsKey("ajax"))
{
	ajax = true;
	if (session.isNew())
	{
		logger.debug("###########: SESSION IS NEW");
                executionContext.getActionBeanContext().getResponse().setStatus(403);
		return executionContext.proceed();
	}
}

Using Prototype I set an on403 for all my AJAX requests and call a simple function called sessionTimeout() which does this:

window.location = window.location

What that does is refreshes the page so that the first bit of code I showed above takes over and you actually get to the correct login page.

The only problem with this approach is that if you are doing Ajax.Updater you'll get the login page in whatever DIV element you've specified before the page redirects from the sessionTimeout function. Aside from that it works great.

Tags : , ,
TrackBacks[0] Comments[1] Posted by gthought on July 19, 2007 3:26:12 PM CDT
Powered by Pebble 1.9.1 [ Login ] Content © Gregg Bolinger