Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Remote Application Platform (RAP) » Client-side javascript error on session timout(Client-side javascript error on session timout)
icon3.gif  Client-side javascript error on session timout [message #897312] Mon, 23 July 2012 14:53 Go to next message
Wouter R is currently offline Wouter R
Messages: 6
Registered: July 2012
Junior Member
We run RAP as a webapp on a tomcat 7 server.

The login is handeled by j_security_check with a session. When the session expires the ajax call from RAP to the server receives the, in the web.xml defined, login window.

Ofcourse the clientside ajax parser doesn't understand the login html page and pastes it into the screen. Resulting in a whitescreen with:

Could not process server response:

Error: SyntaxError: JSON.parse: unexpected character

Script:

and a part of the login window.


This is not very pleasant in a production environment, so we would like to disable the clientside error javascript messages and let it just redirect to the login screen. But there is no information to be found on the internet about this issue.

Is there anybody that knows how to remove the clientside error when the ajax call fails?

Thanks in advance,
Wouter

Re: Client-side javascript error on session timout [message #897437 is a reply to message #897312] Tue, 24 July 2012 07:11 Go to previous messageGo to next message
Rüdiger Herrmann is currently offline Rüdiger Herrmann
Messages: 564
Registered: July 2009
Senior Member
Wouter,

there is no workaround that I'm aware of to prevent the client from
attempting to parse the HTML response (and failing as you described).

For now, you'd have to patch RWT with changes to the client code that
detect the session-expiry response.

However RAP should support such use cases. I could think of different
approaches:
* the client might just replace the current document with the content it
receives if the content is in an unexpected format.
* if the server sends redirect information in the HTTP header (HTTP
3xx), the client could issue a GET request to the redirect-URL
* make the client side response-handler pluggable so that applications
can contribute specialized handler and the current handler would just be
a default/fallback handler
* ...

Would you mind to open an enhancement request to capture the use case
and discuss solutions?

Regards,
Rüdiger

On 23.07.2012 16:54, Wouter R wrote:
> We run RAP as a webapp on a tomcat 7 server.
>
> The login is handeled by j_security_check with a session. When the
> session expires the ajax call from RAP to the server receives the, in
> the web.xml defined, login window.
>
> Ofcourse the clientside ajax parser doesn't understand the login html
> page and pastes it into the screen. Resulting in a whitescreen with:
>
> Could not process server response:
>
> Error: SyntaxError: JSON.parse: unexpected character
>
> Script:
> and a part of the login window.
>
>
> This is not very pleasant in a production environment, so we would like
> to disable the clientside error javascript messages and let it just
> redirect to the login screen. But there is no information to be found on
> the internet about this issue.
>
> Is there anybody that knows how to remove the clientside error when the
> ajax call fails?
>
> Thanks in advance,
> Wouter
>
>
--
Rüdiger Herrmann
http://codeaffine.com
Re: Client-side javascript error on session timout [message #1005503 is a reply to message #897437] Fri, 25 January 2013 17:49 Go to previous messageGo to next message
Arnaud MERGEY is currently offline Arnaud MERGEY
Messages: 131
Registered: March 2010
Location: France
Senior Member
Hello,

I tried to workaround the issue described by Wouter R like this

RWT.getUISession().addUISessionListener(new UISessionListener() {
			
			@Override
			public void beforeDestroy(UISessionEvent pEvent) {
				pEvent.getUISession().getClient().getService( JavaScriptExecutor.class ).execute("window.setTimeout(function() {window.location.href = '.'}, 1);");
			}
		});


In order to try to move outside the RAP page, and avoid the ugly parsing error page when session times out, but for some reasons, this does not work, the beforeDestroy is called at the end of the session, but the code does nothing.

Even if this

getClient().getService( JavaScriptExecutor.class ).execute("window.setTimeout(function() {window.location.href = '.'}, 1);");


is working called from a button selection for example

I noticed In RAP 2.0 there is a support for redirect in protocol (https://bugs.eclipse.org/bugs/show_bug.cgi?id=388249)

Is it possible in server code to send a redirect message to web client in beforeDestroy ? (if yes maybe that could help to workaround to this issue)

Thanks,
Regards,
Arnaud
Re: Client-side javascript error on session timout [message #1011850 is a reply to message #1005503] Wed, 20 February 2013 11:15 Go to previous messageGo to next message
Arnaud MERGEY is currently offline Arnaud MERGEY
Messages: 131
Registered: March 2010
Location: France
Senior Member
Hello,

Investigating more this issue, I did not find anything obvious to workaround this

I think this is something that should be fixed, because I guess protecting rap application using form-based authentication is probably a quite common use case.
In this case detecting the session timeout is quite tricky as when session timeout, server response is an http 200 with form login page content.
Maybe a way could be to check for a Set-Cookie header with JSESSIONID cookie, the server send in case of form-based authentication

Regards,
Arnaud

[Updated on: Wed, 20 February 2013 11:16]

Report message to a moderator

Re: Client-side javascript error on session timout [message #1014164 is a reply to message #1011850] Mon, 25 February 2013 09:27 Go to previous messageGo to next message
Ralf Sternberg is currently offline Ralf Sternberg
Messages: 1291
Registered: July 2009
Senior Member

Hi Arnaud,

I'm afraid there's nothing you can do on the *server* because in case of
servlet container authentication, the RAP servlet will not a receive a
request anymore when the session has timed out.

What happens is this: the client sends an Ajax request, the servlet
container interferes because of the session timeout and sends some HTML
page in response to the Ajax request. This mechanism has not been
developed with Ajax in mind. In fact, most clients expect data or HTML
snippets in response to an Ajax request, not an HTML page.

One option is to configure the servlet container to send the JSON
snippet mentioned in bug 388249 instead of a login page.

Does that help?

Regards,
Ralf

--
Ralf Sternberg

Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/

Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/
Re: Client-side javascript error on session timout [message #1015012 is a reply to message #1014164] Wed, 27 February 2013 08:13 Go to previous messageGo to next message
Wouter R is currently offline Wouter R
Messages: 6
Registered: July 2012
Junior Member
I'm sorry for my late response.

We managed to work around this issue by checking if the header "pragma" exists. When this is the case, we return a custom json error message which will be shown in RAP.

So we found out the rap application requested our jsp page. So we added an extra check in the jsp.

Like this:

<%
if(request.getHeader("pragma") != null) {
response.setHeader("Content-Type", "application/json;charset=UTF-8");
%>{
"meta": {
"error": "session timeout",
"message": "The login session timed out.\nPlease click <a {HREF_URL}>here</a> to restart the session."
},
"operations": []
}<%
} else {
%>
<!DOCTYPE html>
<html>
	<head>
		<meta http-equiv="refresh" content="0; URL=/logout.jsp" />
		<script type="text/javascript">
			window.parent.location.href = "/logout.jsp";
		</script>
	</head>
</html>
<%
}
%>


This is working like a charm. I hope it works for you.

Regards,
Wouter
Re: Client-side javascript error on session timout [message #1015193 is a reply to message #1015012] Wed, 27 February 2013 17:31 Go to previous messageGo to next message
Arnaud MERGEY is currently offline Arnaud MERGEY
Messages: 131
Registered: March 2010
Location: France
Senior Member
Thanks, it was really helpful.
I implemented similar work around with some differences.
In my case I am looking for a content-type header containing application/json in request instead of pragma and
the response is this
response.getWriter().write("{ \"head\" : { \"redirect\" : \""+ request.getContextPath()+"\" } }"); //$NON-NLS-1$ //$NON-NLS-2$, in order to trigger a redirect to the login page directly.

Many thanks again

[Updated on: Wed, 27 February 2013 17:32]

Report message to a moderator

Re: Client-side javascript error on session timout [message #1016366 is a reply to message #1015193] Wed, 06 March 2013 09:08 Go to previous message
Ralf Sternberg is currently offline Ralf Sternberg
Messages: 1291
Registered: July 2009
Senior Member

Hi Wouter, Arnaud,

thank you so much for this update. Recognizing the request from the RAP
application based on the Content-Type seems reasonable to me. When the
client is redirected, it will send the same JSON request to the login jsp.

I've added your solution to bug 390711 [1].

Thanks and regards,
Ralf

[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=390711

--
Ralf Sternberg

Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/

Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/
Previous Topic:RWT ServiceManager
Next Topic:Images in tables sometimes cropped to 16px
Goto Forum:
  


Current Time: Tue Oct 21 05:40:45 GMT 2014

Powered by FUDForum. Page generated in 0.03721 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software