struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dynamicd <dhaval.par...@gmail.com>
Subject Re: Invalidating session
Date Wed, 27 Aug 2008 15:54:43 GMT

I invalidate my session in my action using 

request.getSession().invalidate();




Gundersen, Richard wrote:
> 
> Hi all
> 
> I came across this page for invalidating the session
> 
> http://struts.apache.org/2.0.11.2/docs/how-do-we-get-invalidate-the-sess
> ion.html
> 
> It mentions this way of invalidating the session: 
> 
> if (session instanceof org.apache.struts2.dispatcher.SessionMap) {
> 		....
> 	((org.apache.struts2.dispatcher.SessionMap)
> session).invalidate();
> 		....
> 
> Just wondering if 
> 	a) this is still the recommended way of doing things (I have no
> reason to think it's not btw)
> 	b) I'm writing a public facing site that needs to be secure, so
> just wondering if there would ever be a possibility that the session
> object might not be an instance of
> org.apache.struts2.dispatcher.SessionMap, in which case there could be
> potential for the session not to be invalidated when it's meant to be.
> Is this a possibility? I don't know enough about Struts 2 to answer this
> myself so would appreciate advice. 
> 
> Cheers
> 
> Richard
> 
> 
> As a responsible corporate citizen, London Scottish Bank plc asks you to
> consider the environment before printing this email.
> 
> *** Disclaimer *** 
> 
> This electronic communication is confidential and for the exclusive use of
> the addressee. It may contain private and confidential information. The
> information, attachments and opinions contained in this E-mail are those
> of its author only and do not necessarily represent those of London
> Scottish Bank PLC or any other members of the London Scottish Group. 
> 
> If you are not the intended addressee, you are prohibited from any
> disclosure, distribution or further copying or use of this communication
> or the information in it or taking any action in reliance on it. If you
> have received this communication in error please notify the Information
> Security Manager at ISM@London-Scottish.com as soon as possible and delete
> the message from all places in your computer where it is stored. 
> 
> We utilise virus scanning software but we cannot guarantee the security of
> electronic communications and you are advised to check any attachments for
> viruses. We do not accept liability for any loss resulting from any
> corruption or alteration of data or importation of any virus as a result
> of receiving this electronic communication. 
> 
> Replies to this E-mail may be monitored for operational or business
> reasons. London Scottish Bank PLC is regulated by the Financial Services
> Authority.
> 
> 
> London Scottish Bank plc, Registered Office: 201 Deansgate, Manchester M3
> 3NW Registered Number 973008 England.
> 
> Subsidiary Companies:-
> 
> London Scottish Finance Limited, Registered Office: 201 Deansgate,
> Manchester M3 3NW Registered Number 233259 England.
> 
> London Scottish Broking Limited, Registered Office: 201 Deansgate,
> Manchester M3 3NW Registered Number 230110 England.
> 
> Robinson Way & Company Limited, Registered Office: 201 Deansgate,
> Manchester M3 3NW Registered Number 885896 England.
> 
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Invalidating-session-tp19178803p19183985.html
Sent from the Struts - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message