tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pid *" <...@pidster.com>
Subject Re: Session expiration - browser -Web application
Date Fri, 04 Nov 2011 20:09:04 GMT
On 4 Nov 2011, at 19:24, Tim Watts <tim@cliftonfarm.org> wrote:

> Léa,
>
> Life needn't be this difficult. :-)  You're reinventing wheels here
> instead of understanding how the wheels you already have work.  Again,
> read the spec.  Pretty please.  So many questions will be answered.

+1

JSP != PHP

The Servlet Container (Tomcat) provides a great deal of functionality for you.

 http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html

p

>
>
> On Fri, 2011-11-04 at 11:55 -0700, Léa Massiot wrote:
>> @Christopher :
>> Thank you for your answer.
>>
>> Christopher wrote:
>>>
>>> The new session created is completely empty. It has nothing to do with the
>>> user going back in the history, etc.
>>> No, you are right.
>> What I meant is that I was/am managing session expiration inside the Webapp
>> (for instance if the user clicks a button which is inside the Webapp and if
>> the session has expired, I redirect him to the log in page).
>>
>> Christopher wrote:
>>>
>>> I always try to have enough information in the page (form) so that
>>> resuming a workflow after a session timeout is a possibility.
>>>
>> I'm sorry but I do not understand what you are explaining me here...
>>
>>
>> A SOLUTION... I THINK.
>> I have found a solution, here it is:
>> for all the JSPs which require a user to be identified (*), I add the
>> following code:
>>
> Better solution is to check whether the user principle is set.  The spec
> will explain this.
>
>> <%
>>    ASessionAttribute aSessionAttribute = null;
>>    HttpSession       httpSession       = null;
>>
>>        httpSession       = request.getSession();
>>    aSessionAttribute = (ASessionAttribute)
>> httpSession.getAttribute("aSessionAttribute");
>>
>>    if(aSessionAttribute  == null)
>>    {
>>        response.sendRedirect("the-log-in-page.jsp");
>>        }
>> %>
>>
>> Then if a user presses the F5 key and if the session has expired, he is
>> properly redirected to the log in page.
>>
>> Best regards,
>> --
>> Léa
>>
>> (*) That is to say, in my example, the "aSessionAttribute" object musn't be
>> null.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message