David,

Keep in mind that invalidating the session prematurely is probably not a
good habit to get into.  Why?  Because a session is tied to a browser
session.  If, like we are, you are creating multiple web apps that might be
used by the same user base, you could end up destroying session objects in
one web app while the user is also in another web app, thereby destroying
those objects too.  The same is true if your user is also working in my web
apps.  If your web app invalidates the session, that screws up my web app
too.

Instead we let sessions time out naturally, and work within objects we call
application objects, or user objects, that we hang off the session object,
and invalidate or destroy these instead.

It isn't really a topic that gets discussed here, but I think it is a very
important one.  Invalidating the session is very bad form in my book.

Cheers,

Dan
--
Daniel Kirkdorffer
NACN IS: 425-580-6225
Sr. Consultant, Syllogistics LLC
Email: [EMAIL PROTECTED]
Web:   http://www.syllogistics.com/


> ----------
> From:         Craig R. McClanahan[SMTP:[EMAIL PROTECTED]]
> Reply To:     Craig McClanahan
> Sent:         Monday, June 07, 1999 3:18 PM
> To:   [EMAIL PROTECTED]
> Subject:      Re: LIFESPAN=session and getSession()
>
> David Wall wrote:
>
> > When a JSP bean is set to have LIFESPAN of session, can I reasonably assume
> > that a servlet that calls request.getSession() is operating on the same
> > session, and therefore can get the name of the beans stored by JSP in the
> > session by calling session.getValue("beanname")?
> >
>
> (In the 1.0 spec, what used to be "lifespan" is now "scope")
>
> This was not specified in pre-1.0 versions of the spec, but that is the way
> all the implementations tended to operate.  This behavior is now mandated in
> the 1.0 spec, as is the corresponding behavior for scope=application (objects
> are stored in the ServletContext) and scope=request (objects are stored in the
> ServletRequest).
>
> It also works the other direction -- objects your servlet stores with
> HttpSession.putValue() are visible in JSP pages with session scope.
>
> >
> > Also, what happens to a JSP's beans if a servlet calls invalidate() on the
> > session?
> >
>
> If you call invalidate() in a servlet and then forward to a JSP page (or a
> subsequent request comes in) the old session values will be gone, and a new
> session (with no values yet) will be created, if you declare that your page
> participates in a session.  See the <jsp:useBean> documentation in the spec
> for the rules that are followed about trying to create a new instance of your
> beans.
>
> > David
> >
>
> Craig McClanahan
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff JSP-INTEREST".  For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>

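The pattern described in the message above (a per-application user object hung off the session and destroyed in place of the session itself), as an added example that is not part of the original thread. The class name `OrdersUserState` and the `com.example.orders.` key prefix are hypothetical, and the code assumes the `javax.servlet` API at version 3.0 or later, where `getAttribute`/`setAttribute`/`removeAttribute` replace the `getValue`/`putValue` calls mentioned in the thread.

```java
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;

/** Hypothetical per-application user object stored in the shared session. */
public class OrdersUserState implements HttpSessionBindingListener {
    // Hypothetical prefix: this app only ever touches keys that start with it.
    static final String PREFIX = "com.example.orders.";
    static final String KEY = PREFIX + "user";

    private final String userId;
    private volatile boolean active = true;

    OrdersUserState(String userId) { this.userId = userId; }

    public String getUserId() { return userId; }
    public boolean isActive() { return active; }

    @Override
    public void valueBound(HttpSessionBindingEvent e) { /* nothing to acquire */ }

    // The container calls this on removeAttribute(), on replacement of the
    // value, and when the session times out, so stale references go inactive.
    @Override
    public void valueUnbound(HttpSessionBindingEvent e) { active = false; }

    /** Returns this app's logged-in state, or null if the user has none. */
    static OrdersUserState current(HttpSession session) {
        Object o = session.getAttribute(KEY);
        return (o instanceof OrdersUserState && ((OrdersUserState) o).isActive())
                ? (OrdersUserState) o : null;
    }

    static void login(HttpSession session, String userId) {
        session.setAttribute(KEY, new OrdersUserState(userId));
    }

    /** Logout for this app only: remove our entries, never call invalidate(). */
    static void logout(HttpSession session) {
        List<String> mine = new ArrayList<>();
        // Collect names first; removing while enumerating is unsafe.
        for (Enumeration<String> n = session.getAttributeNames(); n.hasMoreElements();) {
            String name = n.nextElement();
            if (name.startsWith(PREFIX)) mine.add(name);
        }
        for (String name : mine) session.removeAttribute(name);
    }
}
```

Because the session id stays valid after `logout()`, every access check in the application has to test `current(session) != null` and not the mere existence of a session.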