9-Sep-04 (Created: 9-Sep-04) | More in 'Howto-Advanced'

How to redirect when a session expires in Aspire for Build 20 and above

This article is applicable when you are using external session managers. This means that you are using Aspire only as a tool to paint pages and update databases and do other work. An external system or a set of pages not controlled by Aspire are responsible for establishing and controlling the session.

This can be the case in a number of times. In one instance we have Aspire as the work horse while Jetspeed controls the access to the web site and also does the lay out. In this case Jetspeed is responsible for establishing the session and also authorizing access to the web pages.

In another instance a third party framework is used to build part of a system and Aspire is used to build another part of the system. In this case the third party framework can set the guidelines for establishing the session.

In both of the cases cited above the session is being controlled by an external entity and not Aspire.

Under such a case, this document describes how you can tell Aspire to redirect to a pre determined web page when session expires.

Read this document if you are using Build 20.x or above.

Settings

You will see configuration entries like this in the aspire.properties file.


#**************************************************************************
#********** Authorization/session management directives
#**************************************************************************
aspire.authentication.userAuthorization=no
aspire.sessionSupport.applySessionManagement=yes
aspire.sessionSupport.mainpage=/webapp/your-page-that-says-session-doesn't exist
request.aspire.sessionSupport.sessionSupportObject.className=\
com.ai.servlets.ExternalSessionManager

Make sure the user authorization is set to "no". If it is set to "yes" Aspire will try to authenticate using HttpAuthentication. The assumption is that the external system is responsible for validating the user.

Next, make sure that the applySessionManagement is set to "yes". If this is set "no" then Aspire will try to create a new session every time if one doesn't exist. When it is set to "yes" Aspire will delegate the control of the session to the "ExternalSessionManager" object.

Here is the behavior of ExternalSessionManager object at that point for these settings

If a session exists then the session is returned and the request is allowed to continue.

If a session is not available then the user is redirected to the page expiration page mentioned above.

How to debug this

  • Run tomcat and your application
  • While not closing the browser you are testing from, restart tomcat
  • Do refresh on the browser
  • If everything worked this should result in a redirection to the session expiration page mentioned above. The main page.

If not do the following to debug this

  • Check aspires log file
  • Look for session related error messages
  • If you see this "Error:ssup: You need to specify a starting main page for the application" somehow Aspire is not able to locate
  • the session main page indicated above
  • As a final resort locate the java file for "ExternalSessionManager.java" and follow the log trace to the error messages in this java file
  • Email me the log file and the aspire.properties file if you can't figure out

In What files is this facility implemented

BaseServlet.java
SessionUtils.java
ExternalSessionManager.java

Further reading

1. How to disable Aspire's http authentication and allow a login page

2. Source code of ExternalSessionManager.java