Re: Recreating an expired session. PLEASE HELP!!!
what version of orion are you using? (-) Robert Krger (-) SIGNAL 7 Gesellschaft fr Informationstechnologie mbH (-) Brder-Knau-Str. 79 - 64285 Darmstadt, (-) Tel: 06151 665401, Fax: 06151 665373 (-) [EMAIL PROTECTED], www.signal7.de
RE: Recreating an expired session. PLEASE HELP!!!
What I do and I have seen alot of people do this, is put an Object in the HttpSession that indicates if a user is logged in or not. When they log in, you put that object in. If they log out, you remove it, and if the session times out, its gone as well. Simply check for that object (either on every JSP page before its displayed..giving you the option to forward to another "error" page if the page being displayed is not allowed unless they are logged in. I use an include file to reuse this functionality on every JSP page I need protected). Or, if your using a MVC framework, have some logic in your controller servlet that makes sure only if the object exists can certain pages be accessed, otherwise forward to the login page. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sergio Socarras Sent: Sunday, January 21, 2001 2:44 AM To: Orion-Interest Subject: Recreating an expired session. PLEASE HELP!!! How can I re-create a session once the session timeout has been reached and the server has invalidated the session. I have a couple of pages that require a session, but I need to timeout after five minutes of inactivity. If the session has timed out, I need to send the user back to a login page. The problem is that if I call getSession(true) on the request object I get the following exception: java.lang.IllegalStateException: Session was invalidated at com.evermind.server.http.EvermindHttpSession.invalidate(JAX) at com.evermind.server.http.EvermindHttpSession.valueUnbound(JAX) at com.sun.net.ssl.internal.ssl.SSLSessionImpl.putValue([DashoPro-V1. 2-120198]) at com.evermind.server.http.EvermindHttpServletRequest.getSession(JAX) at /templates/test.jsp._jspService(/templates/test.jsp.java:17) at com.orionserver.http.OrionHttpJspPage.service(JAX) at com.evermind.server.http.HttpApplication.w5(JAX) at com.evermind.server.http.JSPServlet.service(JAX) at com.evermind.server.http.d1.si(JAX) at com.evermind.server.http.d1.forward(JAX) at com.evermind.server.http.ed.sp(JAX) at com.evermind.server.http.ed.so(JAX) at com.evermind.util.f.run(JAX) How do I force it to create a new session? Please help, I need to resolve this as soon as possible. Also if I specify a -1 for session timeout which implies that the session never times out, when and how does the memory for these session get released once the client is no longer interacting with the site. Thanks Sergio __ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices. http://auctions.yahoo.com/
RE: Recreating an expired session. PLEASE HELP!!!
Kevin, Why put an object in the session to indicate they're logged in - surely request.getRemoteUser() does this? (returns their username if logged in, null if not?) -mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin Duffey Sent: Monday, January 22, 2001 5:45 AM To: Orion-Interest Subject: RE: Recreating an expired session. PLEASE HELP!!! What I do and I have seen alot of people do this, is put an Object in the HttpSession that indicates if a user is logged in or not. When they log in, you put that object in. If they log out, you remove it, and if the session times out, its gone as well. Simply check for that object (either on every JSP page before its displayed..giving you the option to forward to another "error" page if the page being displayed is not allowed unless they are logged in. I use an include file to reuse this functionality on every JSP page I need protected). Or, if your using a MVC framework, have some logic in your controller servlet that makes sure only if the object exists can certain pages be accessed, otherwise forward to the login page. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sergio Socarras Sent: Sunday, January 21, 2001 2:44 AM To: Orion-Interest Subject: Recreating an expired session. PLEASE HELP!!! How can I re-create a session once the session timeout has been reached and the server has invalidated the session. I have a couple of pages that require a session, but I need to timeout after five minutes of inactivity. If the session has timed out, I need to send the user back to a login page. The problem is that if I call getSession(true) on the request object I get the following exception: java.lang.IllegalStateException: Session was invalidated at com.evermind.server.http.EvermindHttpSession.invalidate(JAX) at com.evermind.server.http.EvermindHttpSession.valueUnbound(JAX) at com.sun.net.ssl.internal.ssl.SSLSessionImpl.putValue([DashoPro-V1. 2-120198]) at com.evermind.server.http.EvermindHttpServletRequest.getSession(JAX) at /templates/test.jsp._jspService(/templates/test.jsp.java:17) at com.orionserver.http.OrionHttpJspPage.service(JAX) at com.evermind.server.http.HttpApplication.w5(JAX) at com.evermind.server.http.JSPServlet.service(JAX) at com.evermind.server.http.d1.si(JAX) at com.evermind.server.http.d1.forward(JAX) at com.evermind.server.http.ed.sp(JAX) at com.evermind.server.http.ed.so(JAX) at com.evermind.util.f.run(JAX) How do I force it to create a new session? Please help, I need to resolve this as soon as possible. Also if I specify a -1 for session timeout which implies that the session never times out, when and how does the memory for these session get released once the client is no longer interacting with the site. Thanks Sergio __ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices. http://auctions.yahoo.com/