Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

    Handling Session timeout in smartgwt application

    Hi Isomorphics,
    Want to implement session timeout functionality in my smartgwt application(smartgwt 6) and but didn't find proper docs for implementation,
    With the help of below links, implemented the session timeout but having two issue

    https://www.smartclient.com/smartgwt...s/Relogin.html
    http://forums.smartclient.com/forum/...ession-timeout


    1)First Once the session is time out, default browser popup is appearing which will ask for username/password
    But i want to reload the page once the session time out. Don't want to show this browser default popup
    2)Inside my application i am opening the one more iframe window for reporting(cognos external server) where it is rendering the response loginRequiredMarker as it is, instead of reloading the application

    Can anyone explain my how to handle both the situation

    Below is the code

    Added session time out in web.xml

    <session-config>
    <session-timeout>10</session-timeout>
    </session-config>


    Added this onModuleLoad method

    RPCManager.setLoginRequiredMarker("loginRequiredMarker");

    RPCManager.setLoginRequiredCallback(new LoginRequiredCallback() {

    @Override
    public void loginRequired(int transactionNum, RPCRequest request,
    RPCResponse response) {
    SC.say("Session time out", new BooleanCallback() {
    @Override
    public void execute(Boolean value) {
    if(value){
    Window.Location.reload();
    }
    }
    });

    }
    });



    Added this code in my host page

    <SCRIPT>//'"]]>>isc_loginRequired
    //
    // Embed this whole script block VERBATIM into your login page to enable
    // SmartClient RPC relogin.


    if (!window.isc && (window.opener != null || window.top != window)) {
    while (document.domain.indexOf(".") != -1) {
    try {
    if (window.opener && window.opener.isc) break;
    if (window.top.isc) break;
    } catch (e) {
    try {
    document.domain = document.domain.replace(/.*?\./, '');
    } catch (ee) {
    break;
    }
    }
    }
    }

    var isc = top.isc ? top.isc : window.opener ? window.opener.isc : null;
    if (isc && isc.RPCManager) isc.RPCManager.delayCall("handleLoginRequired", [window]);
    </SCRIPT>


    And added one servlet which scans for all the request and check for session timeout


    HttpSession session = ((HttpServletRequest) req).getSession(false);

    if(session!=null){
    //do the further operation
    }else{
    String login="loginRequiredMarker";

    ((HttpServletResponse)res).setStatus(Status.SERVER_SESSION_TIME_OUT);
    ((HttpServletResponse)res).getWriter().write(login);
    ((HttpServletResponse)res).flushBuffer();
    }

    And in my datasource transformResponse

    if(response.getStatus() ==SERVER_SESSION_TIME_OUT){
    response.setAttribute(DATA_ELEMENT, response.getHttpResponseText());
    super.transformResponse(response, request, data);
    }

    Is anything i am doing wrong? please suggest

    #2
    Isomorphic Blama Do you have any idea on this issue?

    Comment


      #3
      1. what "default browser popup"? Usually there isn't a browser pop-up for authentication unless you are using certification-based authentication.

      1a. Perhaps you are confusing a pop-up from SmartGWT with a browser pop-up? Try showing a screenshot
      1b. does loginRequired fire in this circumstance?

      2. a simple approach is to do some other kind of request to ensure that the session is still active (or to cause the user to log back in, if necessary) before opening the new window

      Comment


        #4
        Isomorphic
        ​Yes i am using com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm (basic authentication) for authentication,
        Here i have attached the screen shot which shows the browser popup on session time out
        When the first time session timeout happened this popup will come then if i enter the credential it is checking for session timeout in servlet class and then redirecting to login page
        and after that the second time session timeout, it was working fine (directly it will redirect to login page) without any popup
        Attached Files

        Comment


          #5
          It looks like you may have two forms of authentication checking active simultaneously: HTTP Basic and authentication based on redirecting to a login form. You want to disable the HTTP Basic part as it seems to be interfering with your ability to get to the login page.

          Comment


            #6
            Hi sameen,

            here is the wiki entry I used for my initial setup.

            Best regards
            Blama

            Comment


              #7
              Hi Blama Isomorphic

              Thanks for your help..

              I was able to solve the session time out issue in my updated application (which is using smartgwt 6 version) with the below code

              RPCManager.setLoginRequiredMarker("loginRequiredMarker");

              RPCManager.setLoginRequiredCallback(new LoginRequiredCallback() {

              @Override
              public void loginRequired(int transactionNum, RPCRequest request,
              RPCResponse response) {
              SC.say("Session time out", new BooleanCallback() {
              @Override
              public void execute(Boolean value) {
              if(value){
              Window.Location.reload();
              }
              }
              });

              }
              });

              but the same fix i can't apply for my older production application (which is using smartgwt 3 version)

              RPCManager.setLoginRequiredMarker("loginRequiredMarker"); setLoginRequiredMarker api is not available. Is there any alternative approach or do you have any other solution to fix this issue?

              Comment


                #8
                Hi Blama Isomorphic
                RPCManager.setLoginRequiredMarker is not available in smartgwt 3. what is replacement for this API? How to implement session timeout in smartgwt 3?

                Comment


                  #9
                  SmartGWT 3.0 is too old to use in a production environment, but regardless, you call to setLoginRequiredMarker() should not be necessary to solve this problem, and probably isn't doing anything (or at least not what you think).

                  Comment


                    #10
                    thanks for your response..yes agree smartgwt 3.0 too old but its in production . can you please suggest me how to handle session timeout in smartgwt 3?

                    Comment


                      #11
                      The process for handling session timeout did not change between version 3 and version 6, as you can see from the docs.

                      You don't need the setLoginRequiredMarker() API to implement session timeout handling, and it is not related to the problem you described above.

                      Comment


                        #12
                        As you mentioned above process for handling session timeout did not change between version 3 and version 6,
                        is not true see the java docs below:

                        smartgwt 6 setLoginRequiredCallback:
                        Called when a session timeout is encountered while trying to do a background RPC. See Relogin.

                        The transaction with the passed transactionId is suspended, and should either be cleared or resent after the user has been re-authenticated.

                        The rpcRequest parameter can be used to determine whether the suspended transaction can simply be dropped (eg, it's periodic polling request).

                        The rpcResponse parameter has rpcResponse.data set to the raw text of the response that triggered loginRequired(). Some very advanced relogin strategies may need to inspect the raw response to get information needed for re-authentication.



                        smartgwt 3 setLoginRequiredCallback:

                        The rpcRequest parameter can be used to determine whether the suspended transaction can simply be dropped (eg, it's periodic polling request).

                        The rpcResponse parameter has rpcResponse.data set to the raw text of the response that triggered loginRequired(). Some very advanced relogin strategies may need to inspect the raw response to get information needed for re-authentication.


                        Implemented session timeout in both smartgwt 6 smartgwt 3 application. working fine in smartgwt 6 application but not in smartgwt 3 application . how to handle in this case?
                        Last edited by sameen; 7 Jun 2017, 04:34.

                        Comment


                          #13
                          SmartGWT 6 has some features that 3 did not have. The basic process of relogin works the same, and as you've been told multiple times, the issues you describe above have nothing to do with new features in more recent versions.

                          Since you are trying to work with an end-of-lifed version and, on top of this, just keep asking over and over how to do something that is already documented, please don't expect further responses from Isomorphic.

                          Comment

                          Working...
                          X