You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Klotz Jr, Dennis" <DK...@empirix.com> on 2006/02/16 14:29:29 UTC

Best practice for detecting session expiration for applets?

This might be off topic but I am hoping someone has the time to help me
out.

I recently moved from basic to forms based authentication and I am
having some problems with session expiration and my applets.

I serialize plain old java objects back and forth from my client applet
to tomcat 5.5.15 and now I am trying to recognize at the client when a
session has expired, instead of simply getting a nasty exception about
EOF on stream etc.

I'm hoping someone can give me a couple of pointers on what I should do
to handle this from an applet.

Should I do a 'normal' GET or POST heartbeat before the serialization
attempt? (really don't like this idea)?

Should I try and use HttpURLConnections getResponseCode()? (it doesn't
seem to work as I would expect).

Should I use the jakarata commons http client project?  (Seems like
overkill)

Here is an example of the code followed by the exception I get on the
client side:

--------------------------

    HttpURLConnection con = (HttpURLConnection)servlet.openConnection
();
    Object o = null;
        
    // Prepare for both input and output
    con.setDoInput (true);
    con.setDoOutput (true);
        
    // Turn off caching
    con.setUseCaches (false);
        
    // Set the content type to be application/x-java-serialized-object
    con.setRequestProperty ("Content-Type",
"application/x-java-serialized-object");
        
    // Send headers
    sendHeaders (con);
        
    // Write the serialized object as post data
    ObjectOutputStream out = new ObjectOutputStream (con.getOutputStream
());
    out.writeObject (obj);
    out.flush ();
    out.close ();
        
    InputStream in = con.getInputStream ();

    int status = con.getResponseCode ();
    System.out.println (this.getClass ().getName () + " : INFO : " +
status);
    if ((status == con.HTTP_UNAUTHORIZED) ||
        (status == con.HTTP_NOT_AUTHORITATIVE) ||
        (status == con.HTTP_FORBIDDEN))
    {
        System.out.println (this.getClass ().getName () + " : WARNING :
Session timed out !!?? " );
        // TODO: do something useful here. Send custom exception up...
    }

    ObjectInputStream result = new ObjectInputStream (in);
    try
    {
        o = result.readObject ();
    }
    catch 
    ... (snip) ...
    finally 
    {
        in.close();
        result.close();
    }
      
    return (o);

-------------------------

java.io.EOFException
	at java.io.ObjectInputStream$PeekInputStream.readFully(Unknown
Source)
	at
java.io.ObjectInputStream$BlockDataInputStream.readShort(Unknown Source)
	at java.io.ObjectInputStream.readStreamHeader(Unknown Source)
	at java.io.ObjectInputStream.<init>(Unknown Source)
	at
com.empirix.hm.callq.client.common.HttpMessage.sendPostMessage(HttpMessa
ge.java:212)
	at
com.empirix.hm.callq.client.common.CallQSerializeData.sendViaHttp(CallQS
erializeData.java:102)

----------------------

Regards,

Dennis Klotz



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org