tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject session invalidation and <%@ page session=false %>
Date Thu, 27 Nov 2003 12:24:23 GMT
I'm wondering what the servlet equivalent of <%@ page session=false %> 
would be.

After all the discussion here about disabling URL rewriting, I have 
knocked up a filter to overwrite the response so that encodeUrl() is 
no-op'd (thanx Brice) for requests from callers like google that can't 
handle or don't need a session.

In the same filter I can invalidate the session after the call to 
chain.doFilter() so that the sessions created don't hang around.

However it seems an awkward solution, since the session is used 
throughout the servlet - I thought I could use session.invalidate() just 
to kill off the session right away and then do a test on the session 
wherever I need it to see if it is valid or present.

The only test I can do to identify an invalidated session is to try 
catch on an IllegalStateException on any session method call, but that's 
goes against my philosophy.

If I overwrite the request as well and override the getSession() to 
return null, is that going to present any unforeseen issues on these 
requests that need no session? Or is there a better way of mimicking <%@ 
page session=false %> ?


Adam
-- 
struts 1.1 + tomcat 5.0.14 + java 1.4.2
Linux 2.4.20 RH9

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message