|
Re: Client-side javascript error on session timout [message #897437 is a reply to message #897312] |
Tue, 24 July 2012 07:11 |
Rüdiger Herrmann Messages: 581 Registered: July 2009 |
Senior Member |
|
|
Wouter,
there is no workaround that I'm aware of to prevent the client from
attempting to parse the HTML response (and failing as you described).
For now, you'd have to patch RWT with changes to the client code that
detect the session-expiry response.
However RAP should support such use cases. I could think of different
approaches:
* the client might just replace the current document with the content it
receives if the content is in an unexpected format.
* if the server sends redirect information in the HTTP header (HTTP
3xx), the client could issue a GET request to the redirect-URL
* make the client side response-handler pluggable so that applications
can contribute specialized handler and the current handler would just be
a default/fallback handler
* ...
Would you mind to open an enhancement request to capture the use case
and discuss solutions?
Regards,
Rüdiger
On 23.07.2012 16:54, Wouter R wrote:
> We run RAP as a webapp on a tomcat 7 server.
>
> The login is handeled by j_security_check with a session. When the
> session expires the ajax call from RAP to the server receives the, in
> the web.xml defined, login window.
>
> Ofcourse the clientside ajax parser doesn't understand the login html
> page and pastes it into the screen. Resulting in a whitescreen with:
>
> Could not process server response:
>
> Error: SyntaxError: JSON.parse: unexpected character
>
> Script:
> and a part of the login window.
>
>
> This is not very pleasant in a production environment, so we would like
> to disable the clientside error javascript messages and let it just
> redirect to the login screen. But there is no information to be found on
> the internet about this issue.
>
> Is there anybody that knows how to remove the clientside error when the
> ajax call fails?
>
> Thanks in advance,
> Wouter
>
>
--
Rüdiger Herrmann
http://codeaffine.com
|
|
|
Re: Client-side javascript error on session timout [message #1005503 is a reply to message #897437] |
Fri, 25 January 2013 17:49 |
Arnaud MERGEY Messages: 243 Registered: March 2010 Location: France |
Senior Member |
|
|
Hello,
I tried to workaround the issue described by Wouter R like this
RWT.getUISession().addUISessionListener(new UISessionListener() {
@Override
public void beforeDestroy(UISessionEvent pEvent) {
pEvent.getUISession().getClient().getService( JavaScriptExecutor.class ).execute("window.setTimeout(function() {window.location.href = '.'}, 1);");
}
});
In order to try to move outside the RAP page, and avoid the ugly parsing error page when session times out, but for some reasons, this does not work, the beforeDestroy is called at the end of the session, but the code does nothing.
Even if this
getClient().getService( JavaScriptExecutor.class ).execute("window.setTimeout(function() {window.location.href = '.'}, 1);");
is working called from a button selection for example
I noticed In RAP 2.0 there is a support for redirect in protocol (https://bugs.eclipse.org/bugs/show_bug.cgi?id=388249)
Is it possible in server code to send a redirect message to web client in beforeDestroy ? (if yes maybe that could help to workaround to this issue)
Thanks,
Regards,
Arnaud
|
|
|
Re: Client-side javascript error on session timout [message #1011850 is a reply to message #1005503] |
Wed, 20 February 2013 11:15 |
Arnaud MERGEY Messages: 243 Registered: March 2010 Location: France |
Senior Member |
|
|
Hello,
Investigating more this issue, I did not find anything obvious to workaround this
I think this is something that should be fixed, because I guess protecting rap application using form-based authentication is probably a quite common use case.
In this case detecting the session timeout is quite tricky as when session timeout, server response is an http 200 with form login page content.
Maybe a way could be to check for a Set-Cookie header with JSESSIONID cookie, the server send in case of form-based authentication
Regards,
Arnaud
[Updated on: Wed, 20 February 2013 11:16] Report message to a moderator
|
|
|
Re: Client-side javascript error on session timout [message #1014164 is a reply to message #1011850] |
Mon, 25 February 2013 09:27 |
|
Hi Arnaud,
I'm afraid there's nothing you can do on the *server* because in case of
servlet container authentication, the RAP servlet will not a receive a
request anymore when the session has timed out.
What happens is this: the client sends an Ajax request, the servlet
container interferes because of the session timeout and sends some HTML
page in response to the Ajax request. This mechanism has not been
developed with Ajax in mind. In fact, most clients expect data or HTML
snippets in response to an Ajax request, not an HTML page.
One option is to configure the servlet container to send the JSON
snippet mentioned in bug 388249 instead of a login page.
Does that help?
Regards,
Ralf
--
Ralf Sternberg
Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/
Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/
|
|
|
|
Re: Client-side javascript error on session timout [message #1015193 is a reply to message #1015012] |
Wed, 27 February 2013 17:31 |
Arnaud MERGEY Messages: 243 Registered: March 2010 Location: France |
Senior Member |
|
|
Thanks, it was really helpful.
I implemented similar work around with some differences.
In my case I am looking for a content-type header containing application/json in request instead of pragma and
the response is this
response.getWriter().write("{ \"head\" : { \"redirect\" : \""+ request.getContextPath()+"\" } }"); //$NON-NLS-1$ //$NON-NLS-2$, in order to trigger a redirect to the login page directly.
Many thanks again
[Updated on: Wed, 27 February 2013 17:32] Report message to a moderator
|
|
|
|
Re: Client-side javascript error on session timout [message #1690975 is a reply to message #1016366] |
Wed, 01 April 2015 11:28 |
|
Just reading through this thread, the solution seems to be approximately what I am looking for... however... I'm unsure of 'where' to implement the code.
Previously I have used settings for forms within JBoss, WebSphere, Tomcat etc. to specify a redirect URL when the session expires, which is quite complex for what I am trying to achieve. Ideally I would like to programatically define a URL to use for redirect on session timeout, but cannot see how to apply this.
As well as supporting running under a 'proper' AppServer (as mentioned above), I also need a generic solution that will work under OSGi standalone too.
Is there any such solution, perhaps provided by the RAP framework?
Can some JS be injected into my application's start page somehow that sets up the redirect in preparation for a session time-out?
I understand that the redirect logic cannot be triggered directly in the RAP runtime, as this is 'server-side' and hence the connection to the browser is gone by the time the session time-out occurs, but I can work out the correct redirect URL early in the application's life and provide it to the browser somehow while it is alive, so it knows what to do when a time-out does occur... but how to do this?
Thanks,
John
---
Just because you can doesn't mean you should
|
|
|
Powered by
FUDForum. Page generated in 0.06048 seconds