B4J Question B4J webapp: how to know if session data is invalidated

billzhan

Active Member
Licensed User
Longtime User
Hi,

In B4J webapp/server, I saved some data in session, and share them between threads. It turned out that session will expire after a certain time if it's active. (In webapp :set by ws.Session.MaxInactiveInterval )

For security, I prefer not to set MaxInactiveInterval to a large number. When access to an invalidated session, an error will be thrown:

B4X:
java.lang.RuntimeException: java.lang.IllegalStateException
    at anywheresoftware.b4a.BA.raiseEvent2(BA.java:114)
    at anywheresoftware.b4a.BA.raiseEvent(BA.java:84)
    at anywheresoftware.b4j.object.WebSocketModule$Adapter$1.run(WebSocketModule.java:126)
    at anywheresoftware.b4a.keywords.SimpleMessageLoop.runMessageLoop(SimpleMessageLoop.java:30)
    at anywheresoftware.b4a.StandardBA.startMessageLoop(StandardBA.java:26)
    at anywheresoftware.b4j.object.WebSocketModule$Adapter$ThreadHandler.run(WebSocketModule.java:195)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException
    at org.eclipse.jetty.server.session.AbstractSession.checkValid(AbstractSession.java:110)
    at org.eclipse.jetty.server.session.HashedSession.checkValid(HashedSession.java:79)
    at org.eclipse.jetty.server.session.AbstractSession.getAttribute(AbstractSession.java:141)
    at anywheresoftware.b4j.object.HttpSessionWrapper.GetAttribute2(HttpSessionWrapper.java:54)
    at b4j.example.indexpage._showgrouppagebysession(indexpage.java:3690)
    at b4j.example.indexpage._indexotheraction_event(indexpage.java:2440)
    at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at anywheresoftware.b4a.BA.raiseEvent2(BA.java:93)
    ... 10 more

Two ways been used to test if session data is invalidated:

B4X:
'1. use try and catch
    Dim IsSessionInvalid As Boolean=False
    Try
        ws.Session.GetAttribute2("userid",-1)
    Catch
        IsSessionInvalid=True
    End Try
    Log("Is Session Invalid "&IsSessionInvalid)


'2 use a timer to check
    Dim wsexpiretime As Long =ws.Session.LastAccessedTime+ws.Session.MaxInactiveInterval*1000
    Dim wst2expire As Long =(wsexpiretime-DateTime.Now)/1000   
    Log("wst2expire " &wst2expire)


I would like to know if there is other way to detect invalidated data.

Thanks,
bz
 

billzhan

Active Member
Licensed User
Longtime User
Yes.

I think it's better to change the logic. Session data should be saved to thread private variables on WebSocket_Connected. If session data may be changed by other threads, it's better to save them as public variables.
 
Upvote 0
Top