Search the Community
Showing results for tags '302'.
Hey there, i have a Java MVC Web Application that uses the Spring-Library for the Backend and then JSP files for the frontend. Now, in various JSP files i am using Ajax to have some smooth design when needed. This whole application is running on an Apache Tomcat Server. I have to admit that i am still very new in the whole Web-Development thing, so bare with me.Following problem: In the current state, i feel like the tomcat server is automatically handeling the Sesions, including session-timeouts. So, i can specify the time when a session is supposed to count as timed out and everything, the server recognized this correctly and whenever i try to request something with a timedout session the server automatically logs me out and brings me back to the login page. I havent found any implementation of such behavior in the source-code, hence i assume that this is somehow implemented by some standard tomcat routine. The problem with this behavior is, that the server sends a 302 redirect message specifying the login-Page as Location in the response-header. While this works fine for normal requests it is bad for ajax-requests, as these cannot handle 302 codes. The browser catches that one and the ajax-call has no chance to ever process the reply. I am experiencing weird cookie problems and i supsect that this might be the cause of the problem. Now, it shouldnt be hard to check whether or not a request is done by an ajax-call or not. However, i have no clue WHERE i should do so. Edit: I know that there is a way of specifying Filters and there is a way of setting up a listner that gets informed about Session-creations and destructions. However, none of these suit what i want. I need to cut in at a level that allows me to process a request, see if it is an ajax-call and then see if the session used along it is timed out and then i need to be able to decide how i respond to it. Using a filter i am BEHIND that step. I get controll when stuff regarding session timeout has happened already. Using a Session-Lifetime listner i do not have any infromation about the request. I cannot respond to anyone because i have no information about any Requests. How could i go about implementing my custom session-timeout behavior without interfering with the servers implementation?Am i even right assuming that the server automatically handles these cases? It feels kind of odd that the server knows that it has to logg someone out and also knows what to redirect to. Thanks in advance If there are any questions regarding mine ... ask away