-----------------------------
Please read the FAQ!
<http://java.apache.org/faq/>
-----------------------------
> Yes, but when I klick a button named 'logout' I am very unhappy when I get
an
>
> error-message when I access the servlet next time. The error message is
> provided
> for the case that the session has timed-out. This is not the case here.
The
> session has
> not timed out, the user has logged out.
well, it depends on how u have coded the session handling. typically, one
would do something like this for a login protected app in most servlets:
1. call HttpServletRequest.getSession( false) to see if a session already
exists.
2. if a session does not exist ( the above method returns null), then
redirect to a login page.
3. the servlet which the login page submits data to should create a new
session by calling HttpServletRequest.getSession( true). it might use
'false' first like above in case it was an invalid login and the error
message is in the session also.
basically, the session can get invalidated on the server in 2 ways:
1. it times out.
2. your code invalidates it ( when the user logs out or something).
there is no way to distinguish between those ( at least no easy way). you
could always maintain Sessions for the users on the server and instead of
invalidating the session, set a flag or something in the session to mark it.
that would be one way you could distinguish between a session timeout and an
explicit logout. however, the catch is that the sessions would only get
invalidated when they timeout. in other words, even though ur user logged
out 20 mins ago, the session will still persist until the servlet engine
times it out.
hope this helps,
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
