tags:

views:

70

answers:

3
+1  Q: 

java/GWT web app : how to get a callback on Session Timeout

We have a GWT app that is deployed on Tomcat. On the server, we have set a timeout of 1 minute

httpSession.setMaxInactiveInterval(1*60)

At the client-side, we set a few cookies with a timeout value of 1 minute as well. After 1 minute, we notice that the client-side cookies are removed; However the JSESSIONID set by the servlet container(jetty/tomcat) is still present in the client.

On Session timeout, our user wants us to throw an alert/message dialog to alert him/her that the session has timed out and the user should log in to the server again. It appears that we need a a client-side callback on the timeout -- is there an API that we can call to set a callback on Session Timeout ?

As of now, if the user hits the server with an expired session, we do tell him that the session has expired; However the Customer wants us to prevent "lost changes" by alerting the user that the session has timed out( without wasting time on editing any of the client-side data and then submitting to finding out that the session has timed out -- lost changes!)

What are other ways of dealing with the situation ?

Thank you,

A: 

To send data from the server, you can either use HTML5 Web Sockets or for older browsers, some form of Comet.

Alternatively, you could have your GWT client periodically send pings to the server to check whether the session is still available, but this will result in a lot of needless HTTP requests and will be less efficient.

Jason Hall  2010-10-19 16:57:20
thanks. Are there no other alternatives to get a callback on session timeout ?
anjanb  2010-10-19 17:03:36
Web Socket support is still pretty hit or miss. You can emulate it with a few different workarounds but I don't think it's worth the trouble in this case. Long polling would work well in this situation by just having the server finally respond to the outstanding request prior to killing the session.
j flemm  2010-10-19 18:33:13
Web socket support in Java servlet containers is non-existant. We use chrome so it is available in the latest version of the browser;
anjanb  2010-10-20 06:10:16
A: 

If your application has a web.xml file add this to the webapp portion

<session-config>
     <session-timeout>30</session-timeout>
</session-config>

This is the server side timeout of sessions in minutes

*Edit - since the Idea of this seems to be lost with some readers. If the user tries to hit the server with an expired session, they can be redirected to the login page as the original poster had asked. There is no reason the front end has to send a callback to the server when the cookie expires. If the user does not send a sessionID, they go to the login screen. If they send a session ID to the server which has expired, send them to the login page. The pop-up message can be handled in the front end

Sean  2010-10-19 16:57:36
The question is not about setting the timeout period.
Janek Bogucki  2010-10-19 17:00:14
Other then "However the JSESSIONID set by the servlet container(jetty/tomcat) is still present in the client.", "session has timed out and the user should log in to the server again" and "What are other ways of dealing with the situation ?". if the user tries to hit the server with an expired session, they can be redirected to the login page as the original poster had asked.
Sean  2010-10-19 17:11:54
Hi Sean, thank you. as of now, if the user hits the server with an expired session, we do tell him that the session has expired; However the Customer wants us to alert the user that the session has timed out without wasting time on editing any of the client-side data and then submitting to finding out that the session has timed out.
anjanb  2010-10-19 17:21:42
you could write a method in javascript. which checks that the cookie exists. something in the lines of if(getCookie('jsessionid') == null) and if this is found, show the user a popup message. This would detect your scenario on the client side, and alert the user before they continue editing any more information
Sean  2010-10-19 17:47:36
Hi Sean, thanks. However, as I noted in my question, all the other client-side cookies except JSESSIONID(set by server-side) expire on session-timeout; JSessionID, however, does NOT expire at session timeout -- when introspected in Chrome Developer tools, we can see that the JSESSIONID has a session value for Expiry. however, the idea of showing a message to the user when the cookie has expired is a good idea -- will explore and get back to you.
anjanb  2010-10-20 06:07:58
+2  A: 

We have done it our GWT application where the users are warned before the session expires

  • We have every client request to go through LoggingAsyncHandler (We extend each async call with this)
  • In LoggingAysyncHandler we set timer (A Timer class from GWT) which is little less than the session time out so if there is no activity until this time we pop up a message to the client: "Would you like to continue" if they press ok we reset the timer and make a dummy call to server which resets the session time out as well.

Hope it helps!

Vishal  2010-10-19 17:54:01
vishal, thanks -- the idea does help. Will try to implement the same and get back to you.
anjanb  2010-10-20 05:34:37
"We have every client request to go through LoggingAsyncHandler (We extend each async call with this)" -- can you elaborate on this. Isn't the Async an interface ? Can you share some high level code ? Thanks.
anjanb  2010-10-20 19:31:23
@anjanb: The code is little messed up but the idea is to have each async handler extend from LoggingAsyncHandler which further implements AsyncCallback. Now you can the common code to restart the timer in LoggingAsyncHandler.
Vishal  2010-10-20 22:17:40

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java