Posted to users@tapestry.apache.org by sommeralex <al...@gmail.com> on 2013/02/05 12:28:56 UTC

Keeping the session alive pattern?

Hello!

Is there a good "best practice" in tapestry/ (or webframeworks at all) for
keeping a session for a page alive OR handling session timeouts? Is keeping
a session alive an anti-pattern?

I have two pages where some errors occur, if the user wants to do something
but the session is over. Both pages use javascript and have a callback to
the tapestry page via ajax. 

e.g. user wants to slide a slider, on slide end:
new Ajax.Request(urlSetGroupPositionAndSize, { onSuccess: updatePage,
parameters: 'lat='+ lat + '&lng=' + lon + '&scopeRadius=' +
Math.floor(scopeRadius)});

but, if the session is over, I get various javascript/tapestry errors on top
of my page - I can't copy them because the error message appears "behind" my
page and it disappears after some seconds. But I could make a screenshot:

http://www.learnclip.com/tapestry/bugs/timeout.png


What I have found so far:

http://mail-archives.apache.org/mod_mbox/tapestry-users/200504.mbox/%3C20050407181906.GA9459@jetpen.com%3E

which mentions to use httpSession.setMaxInactiveInterval or
http://comments.gmane.org/gmane.comp.java.tapestry.user/55982

which says there could be a trick to set the timeout to 0 / which is not
recommended or to use javascript with a period updater / which is also not
recommended.   

*so, keeping the session alive is not the way*. right?

BUT

then I would need a "service", which is checking the session validity.
(http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/Session.html#isInvalidated())

*would it be enough/ok to make JUST this on my java method* (which is called
from Javascript)?

public void onSetGroupPosAndSize(){
    if (session.isInvalidated()){
        //return LoginPage.class;
    }else {
        //go on
    }
}

 






--
View this message in context: http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771.html
Sent from the Tapestry - User mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org


Re: Keeping the session alive pattern?

Posted by Lance Java <la...@googlemail.com>.
I had no idea he was already using tapestry-security until you mentioned it.
I thought my comments were clear that the security frameworks have solved
this problem, I guess I was not. 





Re: Keeping the session alive pattern?

Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
Then I must not be understanding. Why would you introduce a home-grown filter when tapestry-security would do the job for you?

On Feb 7, 2013, at 2:45 AM, Lance Java <la...@googlemail.com> wrote:

> I wasn't suggesting to include spring security in his project. I was
> suggesting that an example of the filter I had suggested earlier could be in
> most, if not all, tapestry security frameworks. For example, if you download
> the tapestry-spring-security and search for "spring-security.loginform.url"
> it should lead you to such a filter.


Re: Keeping the session alive pattern?

Posted by Lance Java <la...@googlemail.com>.
I wasn't suggesting to include spring security in his project. I was
suggesting that an example of the filter I had suggested earlier could be in
most, if not all, tapestry security frameworks. For example, if you download
the tapestry-spring-security and search for "spring-security.loginform.url"
it should lead you to such a filter.





Re: Keeping the session alive pattern?

Posted by Bård Magnus Kvalheim <ma...@kvalheim.eu>.
If you can do with activation context - then look no further..

I guess though what you're requesting is user data/login persistence.

We have been quite happy with storing user 'tokens' in cookies - and
transparently logging in users (put in session) prior to any page or
component activity.

We have used a Dispatcher to do the 'cookielogin'.

We have also used a custom tapestry security (shiro) implementation
of CookieRememberMeManager to handle session cookies (but may have native
support by now).

--magnus


On Wed, Feb 6, 2013 at 6:29 PM, Lenny Primak <lp...@hope.nyc.ny.us> wrote:

> I wouldn't recommend using spring security. I believe you are using
> tapestry-security already and it works wonderfully.
>
> On Feb 6, 2013, at 9:16 AM, sommeralex <al...@gmail.com> wrote:
>
> > thx!

Re: Keeping the session alive pattern?

Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
I wouldn't recommend using spring security. I believe you are using tapestry-security already and it works wonderfully. 

On Feb 6, 2013, at 9:16 AM, sommeralex <al...@gmail.com> wrote:

> thx!


Re: Keeping the session alive pattern?

Posted by sommeralex <al...@gmail.com>.
thx!





Re: Keeping the session alive pattern?

Posted by Lance Java <la...@googlemail.com>.
From what I can see, the flowlogix library seems to be a clientside
(javascript poll) based solution. For a serverside based solution, you might
want to look at one of the security frameworks.

For instance tapestry-spring-security [1] has the following configuration
symbol:
spring-security.loginform.url - Url redirected to when trying to use a
secured class and/or method. Defaults to "/loginpage".

[1]
http://www.localhost.nu/java/tapestry-spring-security/conf.html#Configuration





Re: Keeping the session alive pattern?

Posted by sommeralex <al...@gmail.com>.
Lance, lprimak, thank you for the answers / helpful!





Re: Keeping the session alive pattern?

Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
The FlowLogix library ( http://code.google.com/p/flowlogix/ ) has components to deal with the session timeout issues and Ajax.

Take a look at these in particular:

http://code.google.com/p/flowlogix/wiki/TLAJAXAnnotation
http://code.google.com/p/flowlogix/wiki/TLSessionMonitor



Re: Keeping the session alive pattern?

Posted by Lance Java <la...@googlemail.com>.
You could develop a new page annotation (@RequiresSession) that you could
mark your pages with. Then you could contribute a ComponentRequestFilter
which makes sure that a valid session is available for all pages marked with
@RequiresSession. For normal (non-ajax) requests, the filter causes a
redirect to your login page. For ajax requests, the filter causes some
javascript to fire which sets window.location to your login page.




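
The annotation-plus-filter approach described in the last message above, written out as an added example (not code from the thread or from any Tapestry security library). It assumes Tapestry 5.3 package names, a page named "Login", and a `redirectURL` JSON key that the page's own Ajax callback reads; `RequiresSession` is the hypothetical annotation named in the post.

```java
// Assumes Tapestry 5.3 package names; "Login" and "redirectURL" are placeholders.
import java.io.IOException;
import java.lang.annotation.*;
import org.apache.tapestry5.Link;
import org.apache.tapestry5.json.JSONObject;
import org.apache.tapestry5.runtime.Component;
import org.apache.tapestry5.services.*;

/** Hypothetical marker from the post; make it public in its own file for real use. */
@Target(ElementType.TYPE) @Retention(RetentionPolicy.RUNTIME)
@interface RequiresSession {}
/** Contribute from AppModule.contributeComponentRequestHandler(OrderedConfiguration). */
public class RequiresSessionFilter implements ComponentRequestFilter {
    private final Request request;
    private final Response response;
    private final ComponentSource pages;
    private final PageRenderLinkSource links;

    public RequiresSessionFilter(Request request, Response response,
            ComponentSource pages, PageRenderLinkSource links) {
        this.request = request; this.response = response;
        this.pages = pages; this.links = links;
    }

    public void handlePageRender(PageRenderRequestParameters p,
            ComponentRequestHandler next) throws IOException {
        if (!sentToLogin(p.getLogicalPageName())) next.handlePageRender(p);
    }

    public void handleComponentEvent(ComponentEventRequestParameters p,
            ComponentRequestHandler next) throws IOException {
        if (!sentToLogin(p.getActivePageName())) next.handleComponentEvent(p);
    }

    /** True when this filter answered the request instead of the page. */
    private boolean sentToLogin(String pageName) throws IOException {
        Component page = pages.getPage(pageName);
        if (!page.getClass().isAnnotationPresent(RequiresSession.class)) return false;
        // getSession(false) never creates a session; null means none or expired.
        if (request.getSession(false) != null) return false;
        Link login = links.createPageRenderLink("Login"); // not @RequiresSession itself
        if (!request.isXHR()) { response.sendRedirect(login); return true; }
        // XMLHttpRequest follows a 302 silently, so reply with JSON that the
        // caller's onSuccess turns into window.location = reply.redirectURL.
        String json = new JSONObject().put("redirectURL", login.toURI()).toString();
        response.getPrintWriter("application/json").append(json).close();
        return true;
    }
}
```

A session existing only shows continuity, not that the user is logged in; pages that need authentication should also check the application's own logged-in marker inside `sentToLogin`.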