• Post Reply Bookmark Topic Watch Topic
  • New Topic

Who was right about using request filter to validate session?  RSS feed

 
Mark Williams
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
At work, a requirement came in to handle session timeouts gracefully across our entire application. Some of our application does so already. But for the screens that are not, I suggested that the tean implement a request filter to validate the session on every request since that was in essence what the requirement called for.

I heard back later from the team that they had decided against my suggestion becuase it would hurt performance ( I am not sure if they actually tested this or not). They only added the logic to our controller servlet which solves the requirement for many screens but not all. And today, I have QA staff complaining of null pointer errors on the pages that don't go through the controller when they let the session time out. I am having to explain to them why the null pointers exceptions are not due to my code.

Anyway, can anyone say if it was a bad idea to use a request filter to validate the session for all requests? I've already pointed out the downsides of the way it was implemented.
 
Mohamed Inayath
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What do you validate in the RequestFilter?

Are you going to check whether session exist or not.

Did you tried find out why is it failing in the controller servlet for some request?

Try to have a clientside sessiontimeout and do a ajax call to sigout functionality.
Assuming you have Serverside timeout as well.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm calling bullshit on the performance argument. Ask for metrics that show there is a performance impact.
 
Mark Williams
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Mohammed, we are simply checking for null values for the session variables that were stored at login. It's not working everywhere because not all of our requests go through the controller servlet. (That's not good, I know, but it's just the way things are and I don't think they are changing anytime soon). That's why I suggested using the filter to check the session variables.

Bear, my thoughts exactly. I should have asked for metrics but I did not hear that the team had shot down my suggestion until after the updates had been released to our customers. The team wasn't actually asking for my opinion anyway... I just happened to be in the cubicle of one of our senior architects when someone was discussing with him and I tried to use the oppourtunity to shine in front of him. I might show him your comment though
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Feel free. I'll stand firmly behind it.
 
Mourouganandame Arunachalam
Ranch Hand
Posts: 398
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I vote for you Mark. That's the right way to implement that requirement.
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!