handling session timeout - is there a central hook?

Skip to first unread message


Dec 27, 2010, 5:56:43 PM12/27/10
to Google Web Toolkit

I wondered why my application still worked, even when the session
timed out on the server. It still worked, because the current user is
also stored in my application and I never check this against the
server's session data.

However, I have a lot of services and each service has a lot of
methods. The only solution that comes into my mind is to check the
session on every service call, i. e. in every method:

class MyServiceImpl...
public void oneOfManyMethods ()
if (sessionTimedOut ())
gotoLoginPage ();

But this would be a bad solution, since I had to do this check in
every method. It would be much more elegant if there were a central
place for this code.

Can I place some code somewhere so that it will be executed on every
service call?


Sergio Von Knorring

Dec 27, 2010, 8:58:47 PM12/27/10
to google-we...@googlegroups.com, Google Web Toolkit
Hi you can use a Java filter in the server side to check if the session id

Enviado desde mi iPhone

> --
> You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
> To post to this group, send email to google-we...@googlegroups.com.
> To unsubscribe from this group, send email to google-web-tool...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.

sergio von Knorring

Dec 28, 2010, 7:27:02 AM12/28/10
to google-we...@googlegroups.com
Hi Magnus

You can implement a java Filter in the server Side and check if the session is valid

if is not valid yo do the redirect in the server side.

you can use that way if you call a normal resource to the server for example a .js or img or .jsp or html

to use it for a RPC call you must implement a custom response to the client , and there manage the redirect

something like that, in your web.xml


in the client side you must have a class like

public abstract class DefaultAsyncCallback<T> implements AsyncCallback<T> {

private void handleException(Throwable caught) {
      String msg = caught.getMessage();

      if(caught instanceof SerializableException) {
          SerializableException se = (SerializableException)caught;
          msg = se.getMessage();
          String[] tokens = msg.split("\\|");
          if ("some custom code to do the redirect".equals(tokens[0])){
            GWT.log("Token invalido, redirect a: "+tokens[1], null);



Dec 28, 2010, 10:04:50 PM12/28/10
to Google Web Toolkit
In the server side I created a class (MyServiceServlet) that extends
from RemoteServiceServlet and in the method
onBeforeRequestDeserialized(String serializedRequest) i check if the
user is logued. If is not, i throw a AuthenticationException.

And in the client side I created a abstract class that implements
AsyncCallback<T>, and i created a method onReturn(Throwable caught) in
this method i check if the Exception is instance of
AuthenticationException i redirect the user to the login.

Finally, every ServiceImpl extends from MyServiceServlet so i don't
need to check in every method if the user is logued.

I hope this could be useful for you.

> > google-web-tool...@googlegroups.com<google-web-toolkit%2Bunsu...@googlegroups.com>
> > .
Reply all
Reply to author
0 new messages