Who was right about using request filter to validate session?

 
Ranch Hand
Posts: 66
At work, a requirement came in to handle session timeouts gracefully across our entire application. Some of our application does so already. But for the screens that do not, I suggested that the team implement a request filter to validate the session on every request since that was in essence what the requirement called for.

I heard back later from the team that they had decided against my suggestion because it would hurt performance (I am not sure if they actually tested this or not). They only added the logic to our controller servlet which solves the requirement for many screens but not all. And today, I have QA staff complaining of null pointer errors on the pages that don't go through the controller when they let the session time out. I am having to explain to them why the null pointer exceptions are not due to my code.

Anyway, can anyone say if it was a bad idea to use a request filter to validate the session for all requests? I've already pointed out the downsides of the way it was implemented.
 
Ranch Hand
Posts: 124
What do you validate in the RequestFilter?

Are you going to check whether the session exists or not?

Did you try to find out why it is failing in the controller servlet for some requests?

Try to have a client-side session timeout and do an Ajax call to the sign-out functionality.
Assuming you have a server-side timeout as well.
 
Sheriff
Posts: 67746
I'm calling bullshit on the performance argument. Ask for metrics that show there is a performance impact.
 
Mark Williams
Ranch Hand
Posts: 66
Mohammed, we are simply checking for null values for the session variables that were stored at login. It's not working everywhere because not all of our requests go through the controller servlet. (That's not good, I know, but it's just the way things are and I don't think they are changing anytime soon). That's why I suggested using the filter to check the session variables.

Bear, my thoughts exactly. I should have asked for metrics but I did not hear that the team had shot down my suggestion until after the updates had been released to our customers. The team wasn't actually asking for my opinion anyway... I just happened to be in the cubicle of one of our senior architects when someone was discussing with him and I tried to use the opportunity to shine in front of him. I might show him your comment though.
 
Bear Bibeault
Sheriff
Posts: 67746
Feel free. I'll stand firmly behind it.
 
Ranch Hand
Posts: 398
I vote for you Mark. That's the right way to implement that requirement.
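
The filter approach discussed in this thread, as an added example that is not code from any of the posters. It assumes the javax.servlet API (Servlet 3.0 or later); the class name, the `loginUser` attribute, `/login.jsp` and the `/static/` prefix are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example: SessionCheckFilter, "loginUser", /login.jsp and /static/ are assumed names.
@WebFilter("/*")  // runs for every request, including pages that bypass the controller servlet
public class SessionCheckFilter implements Filter {
    private static final String LOGIN_ATTR = "loginUser";   // hypothetical attribute stored at login
    private static final String LOGIN_PAGE = "/login.jsp";  // hypothetical login page

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Use the container-mapped path: the raw getRequestURI() can carry "../" segments
        // or ";jsessionid=..." parameters that would defeat the allowlist check below.
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);

        // The login page and static assets must stay reachable without a session,
        // otherwise the redirect below loops.
        if (path.equals(LOGIN_PAGE) || path.startsWith("/static/")) {
            chain.doFilter(rq, rs);
            return;
        }
        // getSession(false) never creates a session; null means none was sent or it timed out.
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(LOGIN_ATTR) != null) {
            chain.doFilter(rq, rs);
            return;
        }
        // Ajax callers cannot usefully follow a redirect to an HTML login page; send a status code.
        if ("XMLHttpRequest".equals(req.getHeader("X-Requested-With"))) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
        }
    }
}
```

The per-request cost is one session lookup and one attribute read, which is the figure to measure if the performance objection comes up again.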
 