wood burning stoves 2.0*
The moose likes Struts and the fly likes Request objects and authentication redirects Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Request objects and authentication redirects" Watch "Request objects and authentication redirects" New topic
Author

Request objects and authentication redirects

Darien Cheung
Ranch Hand

Joined: Aug 13, 2004
Posts: 36
My application uses DispatchMappingAction objects to handle a variety of user functionality. Each DispatchMappingAction is actually extended from a BaseDispatchMappingAction where in the executeBefore() method, I test the user's ticket and redirect to a login page if necessary.

I'm finding that if the user was in the process of filling out a form and then their ticket expired, the form data is lost after they submit, because they are redirected to the login page and redirects start a new request. What are the general ways to handle this situation? If this is not the optimal way of doing things (unfortunately I didn't write this code so I'm trying to avoid rewriting if possible) what should be the proper way?

Thanks.
Dom Lassy
Ranch Hand

Joined: May 05, 2006
Posts: 181
Also, can you please explain what you mean by ticket? I assume you are referring to a session.

Anyway, if something (a ticket) expires that requires them to login again, why should they be able to submit a form after it (the ticket) is expired?
Darien Cheung
Ranch Hand

Joined: Aug 13, 2004
Posts: 36
Yes, I guess a ticket is a session and it has a timeout value. The authentication is done externally.

Hmm.. you raise a good point. If the session has timed-out, I should probably make them go back to the form and re-enter all the data?
Dom Lassy
Ranch Hand

Joined: May 05, 2006
Posts: 181
Originally posted by Darien Cheung:
Hmm.. you raise a good point. If the session has timed-out, I should probably make them go back to the form and re-enter all the data?


Exactly. I believe that is the common practice. Although sometimes there may be a javascript timer on the front end that warns a user that their session is about to expire and allows them to keep their session alive without reloading the page or losing form data. There are a couple of ways to accomplish this. Post again if you want to know how to implement it.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Request objects and authentication redirects
 
Similar Threads
form based security question
How do I secure only my login page? Please help!
New question on SERVLET filter
how to display errors in servlet
Check User session when ajax aynchronous call is made