Kevin,
Why put an object in the session to indicate they're logged in - surely
request.getRemoteUser() does this? (returns their username if logged in,
null if not?)
-mike
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin Duffey
> Sent: Monday, January 22, 2001 5:45 AM
> To: Orion-Interest
> Subject: RE: Recreating an expired session. PLEASE HELP!!!
>
>
> What I do and I have seen alot of people do this, is put an Object in the
> HttpSession that indicates if a user is logged in or not. When
> they log in,
> you put that object in. If they log out, you remove it, and if the session
> times out, its gone as well. Simply check for that object (either on every
> JSP page before its displayed..giving you the option to forward to another
> "error" page if the page being displayed is not allowed unless they are
> logged in. I use an include file to reuse this functionality on every JSP
> page I need protected). Or, if your using a MVC framework, have some logic
> in your controller servlet that makes sure only if the object exists can
> certain pages be accessed, otherwise forward to the login page.
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Sergio
> > Socarras
> > Sent: Sunday, January 21, 2001 2:44 AM
> > To: Orion-Interest
> > Subject: Recreating an expired session. PLEASE HELP!!!
> >
> >
> >
> > How can I re-create a session once the session
> > timeout has been reached and the server has
> > invalidated the session. I have a couple of pages that
> > require a session, but I need to timeout after five
> > minutes of inactivity. If the session has timed out, I
> > need to send the user back to a login page. The
> > problem is that if I call getSession(true) on the
> > request object I get the following exception:
> >
> > java.lang.IllegalStateException: Session was
> > invalidated
> > at
> > com.evermind.server.http.EvermindHttpSession.invalidate(JAX)
> > at
> > com.evermind.server.http.EvermindHttpSession.valueUnbound(JAX)
> > at
> > com.sun.net.ssl.internal.ssl.SSLSessionImpl.putValue([DashoPro-V1.
> > 2-120198])
> > at
> > com.evermind.server.http.EvermindHttpServletRequest.getSession(JAX)
> > at
> > /templates/test.jsp._jspService(/templates/test.jsp.java:17)
> > at com.orionserver.http.OrionHttpJspPage.service(JAX)
> > at com.evermind.server.http.HttpApplication.w5(JAX)
> > at com.evermind.server.http.JSPServlet.service(JAX)
> > at com.evermind.server.http.d1.si(JAX)
> > at com.evermind.server.http.d1.forward(JAX)
> > at com.evermind.server.http.ed.sp(JAX)
> > at com.evermind.server.http.ed.so(JAX)
> > at com.evermind.util.f.run(JAX)
> >
> > How do I force it to create a new session? Please
> > help, I need to resolve this as soon as possible.
> >
> > Also if I specify a -1 for session timeout which
> > implies that the session never times out, when and how
> > does the memory for these session get released once
> > the client is no longer interacting with the site.
> >
> > Thanks
> > Sergio
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Auctions - Buy the things you want at great prices.
> > http://auctions.yahoo.com/
> >
>
>
>
