Re: Recreating an expired session. PLEASE HELP!!!

[Robert Krueger]

what version of orion are you using?
(-) Robert Krger
(-) SIGNAL 7 Gesellschaft fr Informationstechnologie mbH
(-) Brder-Knau-Str. 79 - 64285 Darmstadt,
(-) Tel: 06151 665401, Fax: 06151 665373
(-) [EMAIL PROTECTED], www.signal7.de

RE: Recreating an expired session. PLEASE HELP!!!

[Kevin Duffey]

What I do and I have seen alot of people do this, is put an Object in the
HttpSession that indicates if a user is logged in or not. When they log in,
you put that object in. If they log out, you remove it, and if the session
times out, its gone as well. Simply check for that object (either on every
JSP page before its displayed..giving you the option to forward to another
"error" page if the page being displayed is not allowed unless they are
logged in. I use an include file to reuse this functionality on every JSP
page I need protected). Or, if your using a MVC framework, have some logic
in your controller servlet that makes sure only if the object exists can
certain pages be accessed, otherwise forward to the login page.


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Sergio
 Socarras
 Sent: Sunday, January 21, 2001 2:44 AM
 To: Orion-Interest
 Subject: Recreating an expired session. PLEASE HELP!!!



   How can I re-create a session once the session
 timeout has been reached and the server has
 invalidated the session. I have a couple of pages that
 require a session, but I need to timeout after five
 minutes of inactivity. If the session has timed out, I
 need to send the user back to a login page. The
 problem is that if I call getSession(true) on the
 request object I get the following exception:

 java.lang.IllegalStateException: Session was
 invalidated
   at
 com.evermind.server.http.EvermindHttpSession.invalidate(JAX)
   at
 com.evermind.server.http.EvermindHttpSession.valueUnbound(JAX)
   at
 com.sun.net.ssl.internal.ssl.SSLSessionImpl.putValue([DashoPro-V1.
 2-120198])
   at
 com.evermind.server.http.EvermindHttpServletRequest.getSession(JAX)
   at
 /templates/test.jsp._jspService(/templates/test.jsp.java:17)
   at com.orionserver.http.OrionHttpJspPage.service(JAX)
   at com.evermind.server.http.HttpApplication.w5(JAX)
   at com.evermind.server.http.JSPServlet.service(JAX)
   at com.evermind.server.http.d1.si(JAX)
   at com.evermind.server.http.d1.forward(JAX)
   at com.evermind.server.http.ed.sp(JAX)
   at com.evermind.server.http.ed.so(JAX)
   at com.evermind.util.f.run(JAX)

 How do I force it to create a new session? Please
 help, I need to resolve this as soon as possible.

 Also if I specify a -1 for session timeout which
 implies that the session never times out, when and how
 does the memory for these session get released once
 the client is no longer interacting with the site.

 Thanks
 Sergio


 __
 Do You Yahoo!?
 Yahoo! Auctions - Buy the things you want at great prices.
 http://auctions.yahoo.com/

RE: Recreating an expired session. PLEASE HELP!!!

[Mike Cannon-Brookes]

Kevin,

Why put an object in the session to indicate they're logged in - surely
request.getRemoteUser() does this? (returns their username if logged in,
null if not?)

-mike

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin Duffey
 Sent: Monday, January 22, 2001 5:45 AM
 To: Orion-Interest
 Subject: RE: Recreating an expired session. PLEASE HELP!!!


 What I do and I have seen alot of people do this, is put an Object in the
 HttpSession that indicates if a user is logged in or not. When
 they log in,
 you put that object in. If they log out, you remove it, and if the session
 times out, its gone as well. Simply check for that object (either on every
 JSP page before its displayed..giving you the option to forward to another
 "error" page if the page being displayed is not allowed unless they are
 logged in. I use an include file to reuse this functionality on every JSP
 page I need protected). Or, if your using a MVC framework, have some logic
 in your controller servlet that makes sure only if the object exists can
 certain pages be accessed, otherwise forward to the login page.


  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of Sergio
  Socarras
  Sent: Sunday, January 21, 2001 2:44 AM
  To: Orion-Interest
  Subject: Recreating an expired session. PLEASE HELP!!!
 
 
 
How can I re-create a session once the session
  timeout has been reached and the server has
  invalidated the session. I have a couple of pages that
  require a session, but I need to timeout after five
  minutes of inactivity. If the session has timed out, I
  need to send the user back to a login page. The
  problem is that if I call getSession(true) on the
  request object I get the following exception:
 
  java.lang.IllegalStateException: Session was
  invalidated
  at
  com.evermind.server.http.EvermindHttpSession.invalidate(JAX)
  at
  com.evermind.server.http.EvermindHttpSession.valueUnbound(JAX)
  at
  com.sun.net.ssl.internal.ssl.SSLSessionImpl.putValue([DashoPro-V1.
  2-120198])
  at
  com.evermind.server.http.EvermindHttpServletRequest.getSession(JAX)
  at
  /templates/test.jsp._jspService(/templates/test.jsp.java:17)
  at com.orionserver.http.OrionHttpJspPage.service(JAX)
  at com.evermind.server.http.HttpApplication.w5(JAX)
  at com.evermind.server.http.JSPServlet.service(JAX)
  at com.evermind.server.http.d1.si(JAX)
  at com.evermind.server.http.d1.forward(JAX)
  at com.evermind.server.http.ed.sp(JAX)
  at com.evermind.server.http.ed.so(JAX)
  at com.evermind.util.f.run(JAX)
 
  How do I force it to create a new session? Please
  help, I need to resolve this as soon as possible.
 
  Also if I specify a -1 for session timeout which
  implies that the session never times out, when and how
  does the memory for these session get released once
  the client is no longer interacting with the site.
 
  Thanks
  Sergio
 
 
  __
  Do You Yahoo!?
  Yahoo! Auctions - Buy the things you want at great prices.
  http://auctions.yahoo.com/