Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Synchronized Tokens (Web Application Control Flow)

 
Steve grand
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi there

I want to be able to detect when an invalid request has been sent.
i.e accessing an application via a bookmark link but obviously still has a valid session. Or lets say a user is in java.sun.com/form.jsp and changes the url to www.google.com and then a few minutes later changes url back to java.sun.com/form.jsp.

How can I detect that the request above is not valid therefore invalidate such session (forwarding the user to login.page)

I have read about struts tokens but considering struts now will require a lot of work because of how our architecture is right now.

I would like to implement this using a Filter Class. Can someone please shed some light on how i can achieve this without struts.

Thanks in Advance..
[ October 18, 2008: Message edited by: Steve grand ]
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13064
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How can I detect that the request above is not valid


What exactly is invalid about it?

Why do you care if I switch my browser to another tab and look at yahoo for a while as long as the session is still valid when I switch back?

Bill
 
Steve grand
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Absolutely good point Bill but when you build apps to meet other peoples requirement it becomes a diff story .........
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64973
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But you still haven't explained what you mean by "invalid". I have no clue.
 
Steve grand
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry Bill - what i meant there by invalid request - lets say you in java.sun.com/form.jsp and then you bookmark this page, and you navigate to www.google.com and then five minutes later you re-access java.sun.com/form.jsp this time via the bookmark link (this request is what i am referring to as invalid request.

In a nutshell I would like to invalidate a user's session if they leave my application (website). more less like login out the user
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64973
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Choosing the term "invalid" for that is confusing... there's nothing truly invalid about it.

You might be able to achieve this extremely bizarre requirement by checking the referer header (yes, it's misspelled) but that's not always guaranteed to always work -- in fact, in the scenario you mentioned, bookmarks, it likely won't.

Probably the only other thing you can do is to use an extremely short session timeout value.

Have you asked the framers of these requirements why they want to alienate their users in this fashion?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic