On 1:59 PM, Léa Massiot wrote:
> @Christopher :
> Thank you for your answer.
>
> Christopher wrote:
>> The new session created is completely empty. It has nothing to do with the
>> user going back in the history, etc.
>> No, you are right.
> What I meant is that I was/am managing session expiration inside the Webapp
> (for instance if the user clicks a button which is inside the Webapp and if
> the session has expired, I redirect him to the log in page).
>
> Christopher wrote:
>> I always try to have enough information in the page (form) so that
>> resuming a workflow after a session timeout is a possibility.
>>
> I'm sorry but I do not understand what you are explaining me here...
>
>
> A SOLUTION... I THINK.
> I have found a solution, here it is:
> for all the JSPs which require a user to be identified (*), I add the
> following code:
>
> <%
> ASessionAttribute aSessionAttribute =ull;
> HttpSession httpSession =ull;
>
> httpSession =equest.getSession();
> aSessionAttribute =ASessionAttribute)
> httpSession.getAttribute("aSessionAttribute");
>
> if(aSessionAttribute =null)
> {
> response.sendRedirect("the-log-in-page.jsp");
> }
> %>
>
> Then if a user presses the F5 key and if the session has expired, he is
> properly redirected to the log in page.
>
> Best regards,
> --
> Léa
>
> (*) That is to say, in my example, the "aSessionAttribute" object musn't be
> null.
Hi, Léa-
Using a filter to do this might simplify the code a little.
-Terence Bandoian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|