rework the initial request error checking in the servlets to be a bit better, and return an error code to the client that the client can then act on (instead of just a string)

src/net/socialgamer/cah/AjaxServlet.java

@@ -65,14 +65,15 @@ public class AjaxServlet extends CahServlet {
       try {
         serial = Integer.parseInt(request.getParameter("serial"));
       } catch (final NumberFormatException nfe) {
-        returnError(out, "Bad request");
+        returnError(out, "bad_req", "Bad request");
         return;
       }
     }
 
     final String op = request.getParameter("op");
-    if (op.equals("") || !Handlers.LIST.containsKey(op)) {
-      returnError(out, "Operation not specified.", serial);
+    //  !Handlers.LIST.containsKey(op)
+    if (op == null || op.equals("")) {
+      returnError(out, "op_not_spec", "Operation not specified.", serial);
       return;
     }
 
@@ -80,7 +81,7 @@ public class AjaxServlet extends CahServlet {
     try {
       handler = injector.getInstance(Handlers.LIST.get(op));
     } catch (final Exception e) {
-      returnError(out, "Invalid operation.", serial);
+      returnError(out, "bad_op", "Invalid operation.", serial);
       return;
     }
     final Map<String, Object> data = handler.handle(request.getParameterMap(), hSession);

src/net/socialgamer/cah/CahServlet.java

@@ -38,10 +38,16 @@ public abstract class CahServlet extends HttpServlet {
     response.setContentType("application/json");
 
     final HttpSession hSession = request.getSession(true);
+    final String op = request.getParameter("op");
+    final boolean skipSessionUserCheck = op != null
+        && (op.equals("register") || op.equals("firstload"));
     if (hSession.isNew()) {
       // they should have gotten a session from the index page.
       // they probably don't have cookies on.
-      returnError(response.getWriter(), "Session not detected. Make sure you have cookies enabled.");
+      returnError(response.getWriter(), "no_session",
+          "Session not detected. Make sure you have cookies enabled.");
+    } else if (!skipSessionUserCheck && hSession.getAttribute("user") == null) {
+      returnError(response.getWriter(), "not_registered", "Not registered. Refresh the page.");
     } else {
       handleRequest(request, response, hSession);
     }
@@ -61,14 +67,17 @@ public abstract class CahServlet extends HttpServlet {
       IOException;
 
   /**
-   * Return an error to the client. Prefer to use the PrintWriter,String,int version if you know the
-   * request serial number.
+   * Return an error to the client. Prefer to use the PrintWriter,String,String,int version if you
+   * know the request serial number.
    * 
    * @param writer
+   * @param code
+   *          Error code that the js code knows how to handle.
    * @param message
+   *          User-visible error message.
    */
-  protected void returnError(final PrintWriter writer, final String message) {
-    returnError(writer, message, -1);
+  protected void returnError(final PrintWriter writer, final String code, final String message) {
+    returnError(writer, code, message, -1);
   }
 
   /**
@@ -79,9 +88,11 @@ public abstract class CahServlet extends HttpServlet {
    * @param serial
    */
   @SuppressWarnings("unchecked")
-  protected void returnError(final PrintWriter writer, final String message, final int serial) {
+  protected void returnError(final PrintWriter writer, final String code, final String message,
+      final int serial) {
     final JSONObject ret = new JSONObject();
     ret.put("error", Boolean.TRUE);
+    ret.put("error_code", code);
     ret.put("error_message", message);
     writer.println(ret.toJSONString());
   }