tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Asensio, Rodrigo" <rodrigo.asen...@gilbarco.com>
Subject RE: invalid sessions
Date Mon, 18 Dec 2006 18:29:12 GMT
Is really a pain in the ass have a brand new session when the session is
dead.
Would be great have a session.isNewBecauseTheOldIsDead()

-----Original Message-----
From: Asensio, Rodrigo [mailto:rodrigo.asensio@gilbarco.com] 
Sent: Monday, December 18, 2006 12:52 PM
To: Tomcat Users List
Subject: invalid sessions

Hi guys, Im trying to reject users whose sessions was invalidated (in
purpose because a logout or timeout) But I found that there is not logic
combination in the session valid or invalid methods.

Case 1
First request
Session.isNew()  TRUE
Request.isRequestedSessionIdValid() FALSE

We can say that this is ok because you are still not authenticated.

Case 2
Session timeout
Next request will be
Session.isNew() TRUE   because creates a new session
Request.isRequestedSessionIdValid() FALSE 

The funny thing is if I request the session with create in false, it
always returns an object
Request.getSession(false) != null ALWAYS in this case.

I have no way to verify if the session was invalidated by a timeout.

I made a listener and put the invalid session in the DB but I have no
way to identify because When a client comes back from a invalid session,
it creates a new one.

Do you know any way ?


Thanks
Rodrigo




-------------------------------------------------------------------
Rodrigo Asensio
Fuel Management Services
Gilbarco Veeder Root
phone: +1 336 547 5023
email: rodrigo.asensio@gilbarco.com
<mailto:rodrigo.asensio@gilbarco.com> 
 
 (~'~~'~~'~~)
  |        |
  |        |
  |       ~|~
  |-------())
  (        _)
  |        |
  |        |
  ''..     |
  |'..'---_/\
 /    ''---|| /\
/     \    \\/\/
|  \  /     \_/
|   \/\\    | \


This message (including any attachments) contains confidential and/or
proprietary information intended only for the addressee.  
Any unauthorized disclosure, copying, distribution or reliance on the
contents of this information is strictly prohibited and may constitute a
violation of law.  If you are not the intended recipient, please notify
the sender immediately by responding to this e-mail, and delete the
message from your system.  If you have any questions about this e-mail
please notify the sender immediately. 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


This message (including any attachments) contains confidential 
and/or proprietary information intended only for the addressee.  
Any unauthorized disclosure, copying, distribution or reliance on 
the contents of this information is strictly prohibited and may 
constitute a violation of law.  If you are not the intended 
recipient, please notify the sender immediately by responding to 
this e-mail, and delete the message from your system.  If you 
have any questions about this e-mail please notify the sender 
immediately. 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message