tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phillip Qin <Phillip....@shareowner.com>
Subject RE: How to detect expired session vs. no session? (Solved)
Date Fri, 10 Dec 2004 15:11:39 GMT
I am curious why people spent so much time trying to figure out whether
request.getSession(...) returns null or not but didn't bother using
request.getSession().isNew()?



-----Original Message-----
From: Steve Kirk [mailto:tomcat-user@web-startup.co.uk] 
Sent: December 9, 2004 4:36 PM
To: 'Tomcat Users List'
Subject: RE: How to detect expired session vs. no session? (Solved)


> By default:
> 1. getSession(true)!=null
> 2. getSession(false)!=null
> 
> But if a JSP page contains the tag <%@ page session="false" %>, then: 
> 1. getSession(true)!=null 2. getSession(false)==null

In the last of these 4 cases, do you mean that the implicit JSP session
object returns null, or that request.getSession(false) returns null?  I
could understand the first behaviour but would be surprised by the second.
The problem is that it implies that JSPs execute the code in a way that is
different than if it were included in a servlet, and given that JSPs are
servlets, this seems puzzling.  Again, perhaps I'm not fully understanding
either your case, or the details of how sessions work.

> For my case, sessions will only be created for logged-in
> users

what is it about your case that makes this happen?  I would have thought
that session creation is independent of whether you are authenticating or
not.  Or is there a way to config TC to not create sessions by default, and
only create them when the user successfully authenticates?



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


!DSPAM:41b8c52d300391826077954!

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message