Jump to content

Mercious

Members
  • Posts

    8
  • Joined

  • Last visited

Mercious's Achievements

Newbie

Newbie (1/7)

0

Reputation

  1. I could potentially link you to a SO question where i have a very indepth analysis of this behavior going on. It indeed does happen and there is no logical reason as to why it happens. Nothing in my code ever makes the ajax-script set that second cookie and yet it magically appears after session timeout. I swear to you, its weird as ###### and noone as figured out what causes it yet.
  2. Thats an interesting point. I always thought that session timeout is something different as no session at all.So, i guess the tomcat is handeling the sessions in the background and invalidates them as soon as they expire. Meaning a users request with a timed out session is esentially the same as a requesrt by a user that is not logged in?Then, i infact know where this happens in my code and i might be able to adjust it.I just hope this fixes my original problem. The problem is that when i trigger a session timeout with a specific ajax-script, this ajax-script stops working after i logg back in. ONLY this particular script ALWAYS receives a redirect as answer, because the server wrongly assumes that the user is logged out. I observed this in depth in another thread on SO, but i doubt that i am allowed to link to it here. Basically, the ajax-call brings up cookies from an old session, quite randomly. And i think this might cause it. I was lead to believe that this happens because the ajax-script never was notified that its supposed to clear cookies or whatever, as the redirect-response happening on session-timeout is not handled by the script but by the browser.
  3. Thats the point, i really dont. I feel like tomcat has a standard implementation that also supports things such as migrating session among server cluster nodes.At no point in my source code am i checking for session timeouts, yet session timeouts do happen and i can also adjust the time in the web.xml file. I have not implemented this functionality, so there are 2 options: Its either a standard implementation by the tomcat server OR the Hybris Platform, which my software is based on.
  4. Do you not understand the idea behind the approach that he is suggesting or are you just absolutely unable to get hold of how you would go about it?Where exactly are you encountering a problem, at what step of his suggested approach? What have you tried and what isnt working or what do you not understand?
  5. I get the idea, however this is both not necessary as well as the wrong level of problem i am dealing with. Ajax-Requests are already marked with "X-Requested-With" and then the appropiate value in their Request-Header. However, the problem i have is that in terms of session-handeling: The tomcat handles this. I do not have access to what happens if a request uses a timed out session. I do not act on this, the tomcat server does. And even if i define filters, for example, i STILL am only granted access AFTER the tomcat has already dealt with the session-timeout. I hope this makes clear what the problem is?
  6. https://www.google.com/?gfe_rd=cr&ei=tWn5VIjbEqmx0wXuv4LADA#q=1+USD+to+INR
  7. Thanks for the effort, however it wasnt just a random guess from my side. Ajax-calls do not ever receive notification incase the server returns a 302. The browser jumps in before the ajax-script receives information. It then fires (the browser) a new ajax-request for the resource mentioned in the Location-Header. And THEN the ajax gets the response of whatever is returned by that server upon that second request.
  8. Hey there, i have a Java MVC Web Application that uses the Spring-Library for the Backend and then JSP files for the frontend. Now, in various JSP files i am using Ajax to have some smooth design when needed. This whole application is running on an Apache Tomcat Server. I have to admit that i am still very new in the whole Web-Development thing, so bare with me.Following problem: In the current state, i feel like the tomcat server is automatically handeling the Sesions, including session-timeouts. So, i can specify the time when a session is supposed to count as timed out and everything, the server recognized this correctly and whenever i try to request something with a timedout session the server automatically logs me out and brings me back to the login page. I havent found any implementation of such behavior in the source-code, hence i assume that this is somehow implemented by some standard tomcat routine. The problem with this behavior is, that the server sends a 302 redirect message specifying the login-Page as Location in the response-header. While this works fine for normal requests it is bad for ajax-requests, as these cannot handle 302 codes. The browser catches that one and the ajax-call has no chance to ever process the reply. I am experiencing weird cookie problems and i supsect that this might be the cause of the problem. Now, it shouldnt be hard to check whether or not a request is done by an ajax-call or not. However, i have no clue WHERE i should do so. Edit: I know that there is a way of specifying Filters and there is a way of setting up a listner that gets informed about Session-creations and destructions. However, none of these suit what i want. I need to cut in at a level that allows me to process a request, see if it is an ajax-call and then see if the session used along it is timed out and then i need to be able to decide how i respond to it. Using a filter i am BEHIND that step. I get controll when stuff regarding session timeout has happened already. Using a Session-Lifetime listner i do not have any infromation about the request. I cannot respond to anyone because i have no information about any Requests. How could i go about implementing my custom session-timeout behavior without interfering with the servers implementation?Am i even right assuming that the server automatically handles these cases? It feels kind of odd that the server knows that it has to logg someone out and also knows what to redirect to. Thanks in advance If there are any questions regarding mine ... ask away
×
×
  • Create New...