There is nothing in the j2ee spec that provides a way to ask the container if the session is still valid and there's also not a standard http response code that you could map a custom response to. I assume that you do want the server side timeout? You can set that timeout to infinite but there are obvious implications there as well with server resources. Other than that, you could implement a "ping" web service that you invoke either either periodically or before all calls to other web services. If that ping call doesn't return the expected result and sends you back your form auth page instead, you could then redirect the user to login.
Carson ____________________________________________ Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY ext. 89 Mobile: 1.703.489.6466 Take PowerBuilder to the Web with EAF 4.0 http://www.cynergysystems.com/public/products/eaf -----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of colinblackmore Sent: Thursday, August 25, 2005 2:46 PM To: [email protected] Subject: [flexcoders] Re: Invalidating flashproxy JSESSIONID value. Ultimately, I was able to implement the functionality I required by avoiding using the flashproxy. By circumventing it, I removed the requirement to try and remove the cookie for the session held by the flashproxy and only needed to deal with the browser session variable. The only outstanding issue is detecting within the flex client when the users session times out on the server in order to place them back in the login screen. Any thoughts...? --- In [email protected], "colinblackmore" <[EMAIL PROTECTED]> wrote: > Can anyone suggest how I might implement a 'logout' facility by > completely invalidating a users session within Flex? > > From what I can deduce, Flex initially passes the JSESSIONID through > the flashproxy as a cookie, using it to construct the appropriate > headers for the subsequent http call. With a _freshly_started_ server > and a _new_browser_session_, this works great. > > However, when I call 'session.invalidate()' within a JSP page to force > the user to re-authenticate themselves (which works), the flashproxy > appears to hold both the original (now invalid) JSESSIONID and a new > one. The upshot is that the main client session and the internal http > connections are out of sync;ie not sharing the same session. This > means that although the user is authenticated to view the flex client, > none of the underlying service connections are authenticated. > > I've tried calling 'session.invalidate()' within an HTTPService call, > and setting the 'JSESSION' cookie to immediately expire, but with no luck. > > Has anyone else run into this issue? > > Thanks, in advance. > > ...Col > > BTW, I'm using form based authentication against Tomcat 5.5. ------------------------ Yahoo! Groups Sponsor --------------------~--> <font face=arial size=-1><a href="http://us.ard.yahoo.com/SIG=12h9snt1r/M=362335.6886445.7839731.151 0227/D=groups/S=1705007207:TM/Y=YAHOO/EXP=1125002757/A=2894361/R=0/SIG=1 3jmebhbo/*http://www.networkforgood.org/topics/education/digitaldivide/? source=YAHOO&cmpgn=GRP&RTP=http://groups.yahoo.com/";>In low income neighborhoods, 84% do not own computers. At Network for Good, help bridge the Digital Divide!</a>.</font> --------------------------------------------------------------------~-> -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links ------------------------ Yahoo! Groups Sponsor --------------------~--> Fair play? Video games influencing politics. Click and talk back! http://us.click.yahoo.com/T8sf5C/tzNLAA/TtwFAA/nhFolB/TM --------------------------------------------------------------------~-> -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
