You know, I do use RequestDispatcher forward method
further down in the code, but use sendRedirect if the
client is not logged in (done==null). It is the only
place where I use sendRedirect.
Thank you for everyone's excellent responses on the
merits of RequestDispatcher.
However, the issue I was concerned about was the HTTP
session timeouts. I have the session timeout set to
15 minutes in the web.xml file, but SSL HTTP sessions
seem to time out after 60-90 seconds.
After reading through some the mailing list, I tried
setting my web app to "shared=true" and in the
secure-web-site.xml file and now the HTTP sessions are
working as planned. (timeouts after 15 minutes).
What are the specific security ramifications of this
setting?
I have a unsecure site and a secure site. The
unsecure site only has 3-4 pages. Maybe I should just
make add to secure site and then only have one site?
Perhaps this would clear my HTTP session timeout
issue.
Any thoughts on the security ramifications of
shared=true and insight into my SSL HTTP session
timout issue would be greatly appreciated.
-Todd
--- Magnus Rydin <[EMAIL PROTECTED]> wrote:
> Hi Chris,
> you are right.
> using a RequestDispatcher only redirects the request
> on the server side,
> wihtout informing the client.
> a sendRedirect() will ask the client to go to
> another page, thus changing
> header info and the whole thing.
>
> > -----Original Message-----
> > From: Christian Sell
> [mailto:[EMAIL PROTECTED]]
> > Sent: den 1 september 2000 11:17
> > To: Orion-Interest
> > Subject: Re: HTTPSession timeouts in SSL
> environment
> >
> >
> > As far as I remember, there is another difference
> between
> > sendRedirect() and
> > RequestDispatcher.forward(). I once tested both
> alternatives,
> > and I found
> > that with forward(), the client never gets to know
> that he
> > hase been sent to
> > another page, i.e. the URL does not show, the
> reload button
> > reloads the page
> > from where the forward was done, etc. I think I
> remember
> > there were even
> > problems with links on the page..
> >
> > >
> > >The difference between them (sendRedirect and
> > RequestDispatcher) is that
> > >sendRedirect sends back to a browser a response
> that it
> > should redirect
> > >its request to another page/site which implies
> another
> > request will be
> > >sent by a browser. On the other hand,
> RequestDispatcher gives you
> > >possibilities to send a request forth and back
> (no matter how many
> > >times) between web components just on the server
> side rather then
> > >forcing to exchange information through the net
> as in previous case.
> > >
> > >I'd rather write:
> > >
> > >if (done == null)
> > >
>
getServletContext.getRequestDispatcher(relogin).forward(req,
> res);
> > >
> >
> >
> >
>
__________________________________________________
Do You Yahoo!?
Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
