Ok, I will try that. Thanks for your answer.
In the meantime, I had experimented a little and I found that I could
use a cookie to store the current user/encoded password combination
and, if the failure case occurs, I "re-authenticate" the user from the
information in the cookie and bind the user to the new session. This
works -- I don't really understand, why the problem occured in the
first place, but at least I do have a workaround now. For those
interested, here is the relevant snippet:
Call this, whenever a user authenticates (or in a more general case:
Whenever you assign data to a session):
private final void updateCookies(String login, String hash) {
Cookie cLogin = new Cookie("userName", login);
Cookie cPwd = new Cookie("userPassword", hash);
int maxAge;
String path = getThreadLocalRequest().getContextPath();
maxAge = 60 * 60 * 24 * 30; // 1 month
cLogin.setMaxAge(maxAge);
cPwd.setMaxAge(maxAge);
cLogin.setPath(path);
cPwd.setPath(path);
getThreadLocalResponse().addCookie(cLogin);
getThreadLocalResponse().addCookie(cPwd);
}
To read the cookie-data:
protected AuthUser getAuthUserFromCookies () {
Cookie[] cookies = getThreadLocalRequest().getCookies();
String loginName = null;
String password = null;
if (cookies != null) {
for (int i = 0; i < cookies.length; i++) {
Cookie cookie = cookies[i];
String name = cookie.getName();
String value = cookie.getValue();
if (name.equalsIgnoreCase("userName")) {
loginName = value;
} else if
(name.equalsIgnoreCase("userPassword")) {
password = value;
}
}
}
System.err.println("Examining cookie: " + loginName + ", " +
password);
// Snip: The following omitted code authenticates the user
using a
password hash
return successfullyAuthenticatedUser;
}
So now, it's down to the failure case:
public final synchronized UserSession getUserSession() throws
SessionExpiredException {
HttpSession session = getSession();
synchronized (session) {
UserBinding userBinding =
(UserBinding)session.getAttribute
(SESSION_USER);
if(userBinding == null) {
System.err.println("Session cookie expired;
re-authenticating
user...");
AuthUser user = getAuthUserFromCookies();
if (user != null) {
UserSession userSession = new
UserSession(user, session.getId());
bindUserToSession(userSession, session);
// Be sure to update the
cookie here, again; otherwise you'll run into problems
// the next time the session
is different.
updateCookies(user.getLoginName(),
user.getPassword());
}
userBinding =
(UserBinding)session.getAttribute(SESSION_USER);
if (userBinding == null) {
throw new
SessionExpiredException("Session expired!");
}
}
return userBinding.getUserSession();
}
}
On 9 Sep., 01:54, Sri <[email protected]> wrote:
> GWT doesn't do anything with the session, so it is strange you are
> facing such a problem.
>
> Perhaps you could make a simple servlet/jsp (independent of gwt) which
> prints the same information as above (ie. sessionid and user object),
> and access the URL via a browser. If you are seeing the same behaviour
> (session id changing), then you would have eliminated GWT from being
> the culprit.
>
> On Sep 8, 4:11 am, "[email protected]"
>
> <[email protected]> wrote:
> > Hi,
>
> > for a GWT application, I need a user management servlet, thus I am
> > setting an attribute for a session in which the current user is stored
> > (like this:
>
> > HttpSession session = getThreadLocalRequest().getSession(true);
> > session.setAttribute("user", "myUserName");
>
> > Now, I do have a different service, which I use to display some data.
> > When I click on a button on the client side, the data is displayed
> > correctly -- in about 59 of 60 cases. If I click the button often
> > enough, at one point, the following code will _not_ work:
>
> > HttpSession session = getThreadLocalRequest().getSession();
> > String userName = (String) session.getAttribute("user");
>
> > and at this point, userName suddenly is null!
> > As I said, most of the time, the code above works, but sometimes, it
> > doesn't... Why?
>
> > Also: I have printed the session id to the screen: It is correct (i.e.
> > always the same) as long as the above code works, but in the failure
> > case, the session id suddenly is different (although I am positive
> > that I neither started a new session nor asked GWT to do so...).
>
> > Any ideas? Do you need more information? What am I doing wrong?
>
> > Thanks for your help!
> > Philipp
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en
-~----------~----~----~----~------~----~------~--~---
