tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Redirection after Tomcat restart
Date Mon, 22 Sep 2008 21:36:20 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martin,

Martin Dubuc wrote:
> The problem that I am facing is that since the application is using a
> new session, there might be some session based variables that are not
> initialized.

If you want your application to work properly in this situation, you'll
need to add checks to your code to ensure Session integrity before
proceeding. If there's a problem, redirect to some benign location.

> Ultimately, if Tomcat is restarted, I would rather the user be
> redirected to a predetermined page (some kind of home page), but it
> seems that instead, and I believe this is as per the servlet spec,
> Tomcat displays the page information it had stored in its container
> before restarting.

Correct.

> Any advice on how to best handle this?

That depends on a few things.

You could write a filter that tests for certain session contents and, in
their absence, redirects the user to your preferred page. The problem
here is that the session is (probably) not expected to look the same in
all parts of your application, so it's hard to tell which session key to
choose. Perhaps your "default page" inserts something into the session
like "user is still logged-in".

Another choice (which I like the best) is to upgrade your application to
tolerate Tomcat's behavior. Honestly, I like this the best because it
makes it possible for people to resume their session rather than having
to start all over again (which really sucks for certain operations).

The last option I can think of is to use securityfilter
(http://securityfilter.sourceforge.net) and hack-up the
FormAuthenticator such that it redirects you to a specific location
instead of the original, saved request. There's a feature in the CVS
head where you can specify where to go once you are properly
authenticated (which overrides the go-to-saved-request behavior). You
could use this, too.

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkjYD9QACgkQ9CaO5/Lv0PALYwCfdxSV9ocTi0vC6l+ehZt4yYWO
hV4AnRJbvo2WNvN8giZoc6qAveEiR7yF
=jzKg
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message