Eclipse Community Forums: Remote Application Platform (RAP) » Client-side javascript error on session timout

Home » Eclipse Projects » Remote Application Platform (RAP) » Client-side javascript error on session timout(Client-side javascript error on session timout)

Client-side javascript error on session timout [message #897312]

Mon, 23 July 2012 10:53

Eclipse User

We run RAP as a webapp on a tomcat 7 server.

The login is handeled by j_security_check with a session. When the session expires the ajax call from RAP to the server receives the, in the web.xml defined, login window.

Ofcourse the clientside ajax parser doesn't understand the login html page and pastes it into the screen. Resulting in a whitescreen with:

Could not process server response:

Error: SyntaxError: JSON.parse: unexpected character

Script:

and a part of the login window.

This is not very pleasant in a production environment, so we would like to disable the clientside error javascript messages and let it just redirect to the login screen. But there is no information to be found on the internet about this issue.

Is there anybody that knows how to remove the clientside error when the ajax call fails?

Thanks in advance,
Wouter

Re: Client-side javascript error on session timout [message #897437 is a reply to message #897312]

Tue, 24 July 2012 03:11

Eclipse User

Wouter,

there is no workaround that I'm aware of to prevent the client from
attempting to parse the HTML response (and failing as you described).

For now, you'd have to patch RWT with changes to the client code that
detect the session-expiry response.

However RAP should support such use cases. I could think of different
approaches:
* the client might just replace the current document with the content it
receives if the content is in an unexpected format.
* if the server sends redirect information in the HTTP header (HTTP
3xx), the client could issue a GET request to the redirect-URL
* make the client side response-handler pluggable so that applications
can contribute specialized handler and the current handler would just be
a default/fallback handler
* ...

Would you mind to open an enhancement request to capture the use case
and discuss solutions?

Regards,
Rüdiger

On 23.07.2012 16:54, Wouter R wrote:
> We run RAP as a webapp on a tomcat 7 server.
>
> The login is handeled by j_security_check with a session. When the
> session expires the ajax call from RAP to the server receives the, in
> the web.xml defined, login window.
>
> Ofcourse the clientside ajax parser doesn't understand the login html
> page and pastes it into the screen. Resulting in a whitescreen with:
>
> Could not process server response:
>
> Error: SyntaxError: JSON.parse: unexpected character
>
> Script:
> and a part of the login window.
>
>
> This is not very pleasant in a production environment, so we would like
> to disable the clientside error javascript messages and let it just
> redirect to the login screen. But there is no information to be found on
> the internet about this issue.
>
> Is there anybody that knows how to remove the clientside error when the
> ajax call fails?
>
> Thanks in advance,
> Wouter
>
>
--
Rüdiger Herrmann
http://codeaffine.com

Re: Client-side javascript error on session timout [message #1005503 is a reply to message #897437]

Fri, 25 January 2013 12:49

Eclipse User

Hello,

I tried to workaround the issue described by Wouter R like this

RWT.getUISession().addUISessionListener(new UISessionListener() {
			
			@Override
			public void beforeDestroy(UISessionEvent pEvent) {
				pEvent.getUISession().getClient().getService( JavaScriptExecutor.class ).execute("window.setTimeout(function() {window.location.href = '.'}, 1);");
			}
		});

In order to try to move outside the RAP page, and avoid the ugly parsing error page when session times out, but for some reasons, this does not work, the beforeDestroy is called at the end of the session, but the code does nothing.

Even if this

getClient().getService( JavaScriptExecutor.class ).execute("window.setTimeout(function() {window.location.href = '.'}, 1);");

is working called from a button selection for example

I noticed In RAP 2.0 there is a support for redirect in protocol (https://bugs.eclipse.org/bugs/show_bug.cgi?id=388249)

Is it possible in server code to send a redirect message to web client in beforeDestroy ? (if yes maybe that could help to workaround to this issue)

Thanks,
Regards,
Arnaud

Re: Client-side javascript error on session timout [message #1011850 is a reply to message #1005503]

Wed, 20 February 2013 06:15

Eclipse User

Hello,

Investigating more this issue, I did not find anything obvious to workaround this

I think this is something that should be fixed, because I guess protecting rap application using form-based authentication is probably a quite common use case.
In this case detecting the session timeout is quite tricky as when session timeout, server response is an http 200 with form login page content.
Maybe a way could be to check for a Set-Cookie header with JSESSIONID cookie, the server send in case of form-based authentication

Regards,
Arnaud

[Updated on: Wed, 20 February 2013 06:16] by Moderator

Re: Client-side javascript error on session timout [message #1014164 is a reply to message #1011850]

Mon, 25 February 2013 04:27

Eclipse User

Hi Arnaud,

I'm afraid there's nothing you can do on the *server* because in case of
servlet container authentication, the RAP servlet will not a receive a
request anymore when the session has timed out.

What happens is this: the client sends an Ajax request, the servlet
container interferes because of the session timeout and sends some HTML
page in response to the Ajax request. This mechanism has not been
developed with Ajax in mind. In fact, most clients expect data or HTML
snippets in response to an Ajax request, not an HTML page.

One option is to configure the servlet container to send the JSON
snippet mentioned in bug 388249 instead of a login page.

Does that help?

Regards,
Ralf

--
Ralf Sternberg

Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/

Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/

Re: Client-side javascript error on session timout [message #1015012 is a reply to message #1014164]

Wed, 27 February 2013 03:13

Eclipse User

I'm sorry for my late response.

We managed to work around this issue by checking if the header "pragma" exists. When this is the case, we return a custom json error message which will be shown in RAP.

So we found out the rap application requested our jsp page. So we added an extra check in the jsp.

Like this:

<%
if(request.getHeader("pragma") != null) {
response.setHeader("Content-Type", "application/json;charset=UTF-8");
%>{
"meta": {
"error": "session timeout",
"message": "The login session timed out.\nPlease click <a {HREF_URL}>here</a> to restart the session."
},
"operations": []
}<%
} else {
%>
<!DOCTYPE html>
<html>
	<head>
		<meta http-equiv="refresh" content="0; URL=/logout.jsp" />
		<script type="text/javascript">
			window.parent.location.href = "/logout.jsp";
		</script>
	</head>
</html>
<%
}
%>

This is working like a charm. I hope it works for you.

Regards,
Wouter

Re: Client-side javascript error on session timout [message #1015193 is a reply to message #1015012]

Wed, 27 February 2013 12:31

Eclipse User

Thanks, it was really helpful.
I implemented similar work around with some differences.
In my case I am looking for a content-type header containing application/json in request instead of pragma and
the response is this
response.getWriter().write("{ \"head\" : { \"redirect\" : \""+ request.getContextPath()+"\" } }"); //$NON-NLS-1$ //$NON-NLS-2$, in order to trigger a redirect to the login page directly.

Many thanks again

[Updated on: Wed, 27 February 2013 12:32] by Moderator

Re: Client-side javascript error on session timout [message #1016366 is a reply to message #1015193]

Wed, 06 March 2013 04:08

Eclipse User

Hi Wouter, Arnaud,

thank you so much for this update. Recognizing the request from the RAP
application based on the Content-Type seems reasonable to me. When the
client is redirected, it will send the same JSON request to the login jsp.

I've added your solution to bug 390711 [1].

Thanks and regards,
Ralf

[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=390711

--
Ralf Sternberg

Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/

Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/

Re: Client-side javascript error on session timout [message #1690975 is a reply to message #1016366]

Wed, 01 April 2015 07:28

Eclipse User

Just reading through this thread, the solution seems to be approximately what I am looking for... however... I'm unsure of 'where' to implement the code.

Previously I have used settings for forms within JBoss, WebSphere, Tomcat etc. to specify a redirect URL when the session expires, which is quite complex for what I am trying to achieve. Ideally I would like to programatically define a URL to use for redirect on session timeout, but cannot see how to apply this.

As well as supporting running under a 'proper' AppServer (as mentioned above), I also need a generic solution that will work under OSGi standalone too.

Is there any such solution, perhaps provided by the RAP framework?
Can some JS be injected into my application's start page somehow that sets up the redirect in preparation for a session time-out?

I understand that the redirect logic cannot be triggered directly in the RAP runtime, as this is 'server-side' and hence the connection to the browser is gone by the time the session time-out occurs, but I can work out the correct redirect URL early in the application's life and provide it to the browser somehow while it is alive, so it knows what to do when a time-out does occur... but how to do this?

Thanks,
John

Previous Topic:	Deploying on RAP 1.5
Next Topic:	problem when deploying sample RAP application in JBOSS 7.1.0

Goto Forum:

-=] Back to Top [=-

Current Time: Wed Jul 23 18:32:21 EDT 2025

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter