Synchronized Tokens (Web Application Control Flow)

Steve grand
Greenhorn

Joined: Oct 18, 2008
Posts: 3
Hi there

I want to be able to detect when an invalid request has been sent,
i.e., accessing the application via a bookmark link while obviously still having a valid session. Or let's say a user is on java.sun.com/form.jsp and changes the URL to www.google.com and then a few minutes later changes the URL back to java.sun.com/form.jsp.

How can I detect that the request above is not valid and therefore invalidate the session (forwarding the user to login.page)?

I have read about Struts tokens, but considering Struts now would require a lot of work because of how our architecture is right now.

I would like to implement this using a Filter class. Can someone please shed some light on how I can achieve this without Struts?

Thanks in Advance..
[ October 18, 2008: Message edited by: Steve grand ]
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12788
How can I detect that the request above is not valid


What exactly is invalid about it?

Why do you care if I switch my browser to another tab and look at yahoo for a while as long as the session is still valid when I switch back?

Bill
Steve grand
Greenhorn

Joined: Oct 18, 2008
Posts: 3
Absolutely, good point Bill, but when you build apps to meet other people's requirements it becomes a different story...
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61221

But you still haven't explained what you mean by "invalid". I have no clue.


Steve grand
Greenhorn

Joined: Oct 18, 2008
Posts: 3
Sorry Bill - what I meant there by invalid request: let's say you are on java.sun.com/form.jsp and you bookmark this page, then you navigate to www.google.com, and five minutes later you re-access java.sun.com/form.jsp, this time via the bookmark link (this request is what I am referring to as an invalid request).

In a nutshell, I would like to invalidate a user's session if they leave my application (website). More or less like logging out the user.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61221

Choosing the term "invalid" for that is confusing... there's nothing truly invalid about it.

You might be able to achieve this extremely bizarre requirement by checking the referer header (yes, it's misspelled) but that's not always guaranteed to always work -- in fact, in the scenario you mentioned, bookmarks, it likely won't.

Probably the only other thing you can do is to use an extremely short session timeout value.

Have you asked the framers of these requirements why they want to alienate their users in this fashion?
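
The Referer check suggested in the reply above, sketched as a servlet Filter (an added example, not code from any poster in this thread). The class name, the `/login.jsp` path and the choice to treat a missing or malformed header like an external one are assumptions; the header is supplied by the client and is often absent, so this is a navigation heuristic, not an access control.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Ends the session when a request did not arrive from a page of this application. */
public class SameSiteNavigationFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.jsp"; // assumed path

    public void init(FilterConfig config) {}
    public void destroy() {}

    /** True only if the Referer is present, parses as a URI, and names this server's host. */
    static boolean cameFromThisSite(String referer, String serverName) {
        if (referer == null || referer.isEmpty()) {
            return false; // bookmark, typed URL, or header stripped by browser/proxy
        }
        try {
            String host = new URI(referer).getHost();
            return host != null && host.equalsIgnoreCase(serverName);
        } catch (URISyntaxException e) {
            return false; // malformed header: treat as external
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String path = request.getRequestURI().substring(request.getContextPath().length());
        HttpSession session = request.getSession(false); // never create a session here

        // Nothing to invalidate without a session; the login page must stay reachable.
        if (session == null || path.equals(LOGIN_PAGE)) {
            chain.doFilter(req, res);
            return;
        }
        if (!cameFromThisSite(request.getHeader("Referer"), request.getServerName())) {
            session.invalidate(); // drop server-side state before redirecting
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Behind a reverse proxy, `getServerName()` may not match the public host name seen in the Referer, so the comparison value would need to come from configuration instead.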
 