Session expire problems

[Ramesh]

Hi This is Ramesh,

I developed a application using GWT. At the time of developement i
didnt think of the session expiration. If there is any problem at the
server side, i am catching that in my asynchronous calls failure
method and redirecting to some error page.

Here for some reason if the session is going to expire, its going to
the failure of asynchronous call which i assumed as error not as
session expire how to solve this????

Can any one suggest how to increase the session time period.

[meng]

embed an invisible iframe that points to a dummy session enabled jsp
and auto refreshes periodically...

[walden]

Don't use server sessions.

[Ramesh]

Hi Walden,

Do you mean to use cookies instead of session???

[Thomas Broyer]

On 24 juin, 15:15, Ramesh <Ramesh.Tallapan...@gmail.com> wrote:
> Hi Walden,
>
> Do you mean to use cookies instead of session???

Is there any difference?!
(I know, you can "store everything in the Cookie", but that's not any
better and has severe limitations...)

No, just learn to love REST ;-)

Otherwise, have your "session expired" error contain something
specific that you can catch in your async callback failure handler
code and process differently.

[walden]

No, I meant let your client (and client agent) manage its (their) own
sessions. What are you using server sessions for?

[Ramesh]

Hi Walden,

I am not clear with managing session with client agent.

I am setting all the user details in session, If user is performing
any operations will do the server validation with those details.
My problem is some thing like this.....

Lets consider my user contains 5 panels, i am designing all these
panels at the time of log in.

For time being the user is just navigating through all the panels for
some 20 mins which is the session expire time in my server.
After that 20 mins if the user tries to connect with the server by
doing some operation, because of expired session server is throwing an
exception. So its going to failure of my asynchronous call, even if
there is any error in process it will throw an exception which will go
to the failure of the asynchronous call. How can i differentiate
whether the error is due to session expire or due to program error
(This is the starting level of the project, there are some uncaught
exceptions in the code developed)

for avoiding the session expire failure I am maintaining the session
by making a dummy asynchronous call whenever he navigates through
panel (for temp solution)

Do you know any better solution.

[Ramesh]

Hi brower,

What do you mean by we can store every thing in a cookie?
In my panel all the details are in objects, how can i store objects
into a cookie.

[meng]

Hi Ramesh,

Since you are more familiar with the server side session thing, use
the method i suggest above, it's simple and effective.

but bear in mind that it's already not the best choice in ajax world.
session mgmt at the client side is the ultimate behavior. also please
read this http://groups.google.com/group/Google-Web-Toolkit/web/security-for-gwt-applications

To maintain session at the client side, basically at the browser side,
you have a javascript runtime that can hold object and attributes,
which can hold the client session specific information. And such
information can be passed to the server in your rpc call payload which
the server can use to identify the user, and/or the session.

Hi Brower,

to set/read cookie using gwt, pls read this
http://google-web-toolkit.googlecode.com/svn/javadoc/1.4/com/google/gwt/user/client/Cookies.html

but generally it's not much of use...also check out the cookie
restriction set out by various browser...

[walden]

Ramesh,

Can you post the stacktrace from the exception you get when a request
comes in from your client after the server session has expired?

In general, I'm recommending you not store a horkload of client state
on the server side (in sessions), where it impacts your application's
scaleability and causes awkward stuff like what you are now
experiencing. As Thomas said above, learn to love REST (or at least
get familiar with it).

I use no server sessions in my application at all. This may be a ways
away from your existing design, which you have invested time and
effort into, but you should know there is a cleaner way to do it.

Walden

[Roger Marin]

Try parsing the error msg in your async callback like this:

public void onFailure(Throwable caught)
{
	String errorMessage = caught.toString();
	if (errorMessage.indexOf("403") != -1)
	{

	//	Access denied for this role
	//
		Window.alert("Access denied");
	}
	else if (errorMessage.indexOf("Login") != -1)
	{
	//	Session expired : display login form
	//
		LoginDialog.show();

	}
	else
	{
	//	Other error
	//
		Window.alert("Error : " + errorMessage);
	}
}

This example uses acegi but you get the point.
http://www.dotnetguru2.org/bmarchesson/index.php?c=1&more=1&pb=1&tb=1&title=technical_tip_using_acegi_with_gwt

2008/6/25 walden <wmat...@aladdincapital.com>: