Re: Session Management
Hello Pawel, well the intercepter can get a message that suggest us to have a login before proceeding, I guess that can be done, I was trying this thing as I am a newbie in Struts and I was exploring the possibilities. Thats the best I can do :) Thanks for ur help and suggestions. Regards, Baran Paweł Wielgus wrote: > > Hi, > yes it's the case, > because if You are firing ajax request to server it doesn't really > care if it's ajax or plain html request, > so the responsibility to behave properly is on the page side. > I don't know if your interceptor returning html code (page) is ok for You? > Or maybe it should return something else to tell the page to reload all of > it? > Because as i think You would like to achieve such scenario: > 1. user session is lost > 2. user clicks on a link (ajax call) > 3. interceptor catches the call and states that it's not allowed > 4. page is getting some kind of info that this request is no more > accessible and it should go to loginPage.jsp - total reload of the > page > > I haven't been doing such things so i won't help You much with it more. > > Best greetings, > Paweł Wielgus. > > > 2009/4/16 Baran : >> >> Hi, >> >> Okay, this is the response I get, I did used the same thing that you are >> suggesting, Can it be an issue that I am using AJAX, as the html code of >> the >> login page is coming as a response of the http request I am making, do I >> have to redirect it via my JSP page(using javascript)? As otherwise I >> guess >> the whole thing is working fine. >> >> Regards, >> Baran >> -- >> View this message in context: >> http://www.nabble.com/Session-Management-tp23074591p23076002.html >> Sent from the Struts - User mailing list archive at Nabble.com. >> >> >> - >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > > -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23076293.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hi, yes it's the case, because if You are firing ajax request to server it doesn't really care if it's ajax or plain html request, so the responsibility to behave properly is on the page side. I don't know if your interceptor returning html code (page) is ok for You? Or maybe it should return something else to tell the page to reload all of it? Because as i think You would like to achieve such scenario: 1. user session is lost 2. user clicks on a link (ajax call) 3. interceptor catches the call and states that it's not allowed 4. page is getting some kind of info that this request is no more accessible and it should go to loginPage.jsp - total reload of the page I haven't been doing such things so i won't help You much with it more. Best greetings, Paweł Wielgus. 2009/4/16 Baran : > > Hi, > > Okay, this is the response I get, I did used the same thing that you are > suggesting, Can it be an issue that I am using AJAX, as the html code of the > login page is coming as a response of the http request I am making, do I > have to redirect it via my JSP page(using javascript)? As otherwise I guess > the whole thing is working fine. > > Regards, > Baran > -- > View this message in context: > http://www.nabble.com/Session-Management-tp23074591p23076002.html > Sent from the Struts - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hi, Okay, this is the response I get, I did used the same thing that you are suggesting, Can it be an issue that I am using AJAX, as the html code of the login page is coming as a response of the http request I am making, do I have to redirect it via my JSP page(using javascript)? As otherwise I guess the whole thing is working fine. Regards, Baran -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23076002.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hi, look at line: return Action.LOGIN; this is the place where interceptor is returning simple string which represents forward, in my case i have "logon" defined in struts.xml like this: /WEB-INF/pages/logon.jsp Hope that helps, Paweł Wielgus. 2009/4/16 Baran : > > Hi, > > I guess I am fine with the intercepter side, but the issue is I am not able > to redirect it to a new page. The intercepter is working fine, but the > respone is coming back to the same page and not to the login page. > > Any thing that I might be missing in the struts.xml or somewhere? coz > intercepter is fine all I need is to send it to new page. > > Thanks > > Lukasz Lenart wrote: >> >> package example3; >> >> import com.opensymphony.xwork2.Action; >> import com.opensymphony.xwork2.ActionInvocation; >> import com.opensymphony.xwork2.interceptor.Interceptor; >> >> /** >> * >> * @author Lukasz >> */ >> public class LoginInterceptor implements Interceptor { >> >> public void destroy() { >> } >> >> public void init() { >> } >> >> public String intercept(ActionInvocation arg0) throws Exception { >> if (arg0.getAction() instanceof LoginAction) { >> return arg0.invoke(); >> } >> String user = (String) >> arg0.getInvocationContext().getSession().get("user"); >> if ( user == null || "".equals(user)) { >> return Action.LOGIN; >> } else { >> return arg0.invoke(); >> } >> } >> >> } >> >> >> Regards >> -- >> Lukasz >> http://www.lenart.org.pl/ >> >> - >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> >> > > -- > View this message in context: > http://www.nabble.com/Session-Management-tp23074591p23075474.html > Sent from the Struts - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hi, I guess I am fine with the intercepter side, but the issue is I am not able to redirect it to a new page. The intercepter is working fine, but the respone is coming back to the same page and not to the login page. Any thing that I might be missing in the struts.xml or somewhere? coz intercepter is fine all I need is to send it to new page. Thanks Lukasz Lenart wrote: > > package example3; > > import com.opensymphony.xwork2.Action; > import com.opensymphony.xwork2.ActionInvocation; > import com.opensymphony.xwork2.interceptor.Interceptor; > > /** > * > * @author Lukasz > */ > public class LoginInterceptor implements Interceptor { > > public void destroy() { > } > > public void init() { > } > > public String intercept(ActionInvocation arg0) throws Exception { > if (arg0.getAction() instanceof LoginAction) { > return arg0.invoke(); > } > String user = (String) > arg0.getInvocationContext().getSession().get("user"); > if ( user == null || "".equals(user)) { > return Action.LOGIN; > } else { > return arg0.invoke(); > } > } > > } > > > Regards > -- > Lukasz > http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > > -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23075474.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
package example3; import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.interceptor.Interceptor; /** * * @author Lukasz */ public class LoginInterceptor implements Interceptor { public void destroy() { } public void init() { } public String intercept(ActionInvocation arg0) throws Exception { if (arg0.getAction() instanceof LoginAction) { return arg0.invoke(); } String user = (String) arg0.getInvocationContext().getSession().get("user"); if ( user == null || "".equals(user)) { return Action.LOGIN; } else { return arg0.invoke(); } } } Regards -- Lukasz http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hello Paul, Thanks for the prompt response, I guess that is a right way to do, but plz suggest me how can i redirect my control to the login page. Can u plz get me the syntax, the interceptor thing is ready all i need to do is to redirect if session is not there... Thanks Baran Paweł Wielgus wrote: > > Hi Baran, > You can check for this in interceptor in struts2 or in mainservlet in > struts1. > > Best greeitings, > Paweł Wielgus. > > 2009/4/16 Baran : >> >> Hello All, >> >> I have this common scenario of handling sessions. The scenario is: >> >> 1. To check session on the jsp side when ever a page is loaded. This is >> fairly simple and can be done without much hassle. >> >> 2. Lets say the page is left unattended and the session expires but the >> user >> is still on that authenticated page. Not the thing is how can I make sure >> that any such request is not processed and is redirected to the login >> page. >> I can check the session availability but how can I redirect the control >> to >> login page. >> >> One more thing, I am working on YUI + Ajax based application, so >> basically >> all the action requests are via javascript. >> >> Any help would be appreciated. >> >> Baran >> -- >> View this message in context: >> http://www.nabble.com/Session-Management-tp23074591p23074591.html >> Sent from the Struts - User mailing list archive at Nabble.com. >> >> >> - >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > > -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23074831.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hi Baran, You can check for this in interceptor in struts2 or in mainservlet in struts1. Best greeitings, Paweł Wielgus. 2009/4/16 Baran : > > Hello All, > > I have this common scenario of handling sessions. The scenario is: > > 1. To check session on the jsp side when ever a page is loaded. This is > fairly simple and can be done without much hassle. > > 2. Lets say the page is left unattended and the session expires but the user > is still on that authenticated page. Not the thing is how can I make sure > that any such request is not processed and is redirected to the login page. > I can check the session availability but how can I redirect the control to > login page. > > One more thing, I am working on YUI + Ajax based application, so basically > all the action requests are via javascript. > > Any help would be appreciated. > > Baran > -- > View this message in context: > http://www.nabble.com/Session-Management-tp23074591p23074591.html > Sent from the Struts - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: session management
mthalis wrote: i have already implemented login, logout parts using struts(jsp). But the case is after logged out, when i press back button it is redirected to the particular page that i was in before logged out. these are my codings, and plz kind enough to give me reasonable answer. //set sessions// HttpSession session=request.getSession(); session.setAttribute("userName", userLoginForm.getName()); //verify log or not <% String userId=(String)session.getAttribute("userName"); if(userId != null){ %> ///if not log <% } else{ response.sendRedirect("./index.jsp"); } %> //logout <% session.removeAttribute("userName"); session.invalidate(); response.sendRedirect("./welcome.jsp"); %> Leaving the discussion about the scriptlets aside, and that this isn't really a Struts issue... When the user hits the "back" button if a page has been cached it will be displayed--no server interaction, so no server interaction. Turn off page caching--this forces the browser to go back to the server, whereupon it will discover the user is no longer logged in, and run the... scriptlet. Dave - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: session management
Hi, i wasn't able to understand Your problem, so i was thinking that the code You cited below was about the problem discussed on my blog. If it's not this problem than try to describe the problem in other words, i simply don't get it. Best greetings, Paweł Wielgus. 2009/2/20 mthalis : > > Give me another suggestion pz. > > > mthalis wrote: >> >> i have already implemented login, logout parts using struts(jsp). But the >> case is after logged out, when i press back button it is redirected to >> the particular page that i was in before logged out. these are my codings, >> and plz kind enough to give me reasonable answer. >> >> //set sessions// >> HttpSession session=request.getSession(); >> session.setAttribute("userName", userLoginForm.getName()); >> >> //verify log or not >> <% >> String userId=(String)session.getAttribute("userName"); >> if(userId != null){ >> %> >> >> >> ///if not log >> <% >> } >> else{ >> response.sendRedirect("./index.jsp"); >> } >> %> >> >> //logout >> <% >> session.removeAttribute("userName"); >> session.invalidate(); >> response.sendRedirect("./welcome.jsp"); >> %> >> >> > > -- > View this message in context: > http://www.nabble.com/session-management-tp22054409p22114881.html > Sent from the Struts - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: session management
Give me another suggestion pz. mthalis wrote: > > i have already implemented login, logout parts using struts(jsp). But the > case is after logged out, when i press back button it is redirected to > the particular page that i was in before logged out. these are my codings, > and plz kind enough to give me reasonable answer. > > //set sessions// > HttpSession session=request.getSession(); > session.setAttribute("userName", userLoginForm.getName()); > > //verify log or not > <% > String userId=(String)session.getAttribute("userName"); > if(userId != null){ > %> > > > ///if not log > <% > } > else{ > response.sendRedirect("./index.jsp"); > } > %> > > //logout > <% > session.removeAttribute("userName"); > session.invalidate(); > response.sendRedirect("./welcome.jsp"); > %> > > -- View this message in context: http://www.nabble.com/session-management-tp22054409p22114881.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: session management
Hi mthalis, maybe this will help: http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html but to be honest i don't know if i understand Your problem at all. Best greetings, Paweł Wielgus. 2009/2/17 mthalis : > > i have already implemented login, logout parts using struts(jsp). But the > case is after logged out, when i press back button it is redirected to the > particular page that i was in before logged out. these are my codings, and > plz kind enough to give me reasonable answer. > > //set sessions// >HttpSession session=request.getSession(); >session.setAttribute("userName", userLoginForm.getName()); > > //verify log or notMaybe > <% > String userId=(String)session.getAttribute("userName"); >if(userId != null){ > %> > > > ///if not log > <% > } > else{ >response.sendRedirect("./index.jsp"); > } > %> > > //logout > <% > session.removeAttribute("userName"); > session.invalidate(); > response.sendRedirect("./welcome.jsp"); > %> > > -- > View this message in context: > http://www.nabble.com/session-management-tp22054409p22054409.html > Sent from the Struts - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [OT] Re: Session management when using IE 7
You may want to add support for conversation scope to your application so that objects stored in session scope doesn't get mixed up. 2008/7/28, Dave Newton <[EMAIL PROTECTED]>: > --- On Mon, 7/28/08, OTA_DZ <[EMAIL PROTECTED]> wrote: > > I think there is an overlapping of session in > > my application. > > Technically it's an overlapping of sessions in the browser. > > Different browsers handle these things differently; in general tabbed > browsing will share a single session. That's not a framework issue; if you > want to support it you'll probably have to do something tricky, but maybe > someone here already has a solution. > > Dave > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Re: Session management when using IE 7
--- On Mon, 7/28/08, OTA_DZ <[EMAIL PROTECTED]> wrote: > I think there is an overlapping of session in > my application. Technically it's an overlapping of sessions in the browser. Different browsers handle these things differently; in general tabbed browsing will share a single session. That's not a framework issue; if you want to support it you'll probably have to do something tricky, but maybe someone here already has a solution. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session Management
maya, Once a user is logged in session variables are set and your user interface should not display login option...but if you hit back button on browser you will see login option in that case use saveToken now to allow duplicate form submission Back buttons display thing because form contains it you need to reset it Regards -Original Message- From: Maya menon [mailto:[EMAIL PROTECTED] Sent: 15 March 2007 16:43 To: user@struts.apache.org Subject: Session Management All, I have couple of questions while designing a web app using struts. My application uses Httpsession variables. 1. How do we handle a user from opening duplicate sessions ? Like if a user is already logged in, if he/she tries to login again, system should mention that user is already logegd in. How do we do that ? 2. Also, back buttons. Back buttons shoudlnt display anything [like no data] should appear when user clicks back button How to handle these two situations ? Need suggestions. Thanks, Maya - Don't be flakey. Get Yahoo! Mail for Mobile and always stay connected to friends. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session management
It is not clear what you are asking. Is the problem that - the session is not being maintained even when setting the timeout to 30 minutes - even after 1/2 hour the session does not timeout An observation, "pinging" the server every 10 seconds will create a lot of unnecessary work on the server. You can probably change it to a 30-50 second ping and set the session timeout to around a minute if you want to maintain the session. Since you are pinging the server regularly, as long as the user has a window up their session will never expire, even if they walk away or leave their computer on and browser window up all nite. An alternate solution would be to keep track of non-ping activity and terminate the user's session after n minutes of only ping activity, maybe redirect them to a "idle too long" screen without the AJAX ping when this occurs. An alternative approach would be to be able to re-establish the user's session if they happen to time out, but that is no small task. good luck, -ed On 10/3/06, sowjanya chimmani <[EMAIL PROTECTED]> wrote: Hi All, In our webapplication (struts based) we are using Ajax code (as part of header in all jsp)which will hits the server for every 10 sec so every time session will be updated so it is not possible to maintain the session (sesstion will not expires though after the session time out value ) .Please can any one help me to mintain the session(iam setting the session time out value as 30 min) -- sowjanya - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session management
So you know when exactly 30 mins elapses? right.? immedietly after this you can invalidate the session right? Regards PH On 10/3/06, sowjanya chimmani <[EMAIL PROTECTED]> wrote: Hi All, In our webapplication (struts based) we are using Ajax code (as part of header in all jsp)which will hits the server for every 10 sec so every time session will be updated so it is not possible to maintain the session (sesstion will not expires though after the session time out value ) .Please can any one help me to mintain the session(iam setting the session time out value as 30 min) -- sowjanya
Re: Session Management Within Webapp 2 (jsessionid)s
I updated my processor and added the proper logic that Martin showed yesterday. And what I am seeing is as follows: 1) When the user clicks the site, I can watch the logs and it shows that the session.isNew() and so it redirects to index.jsp. 2) At that point the screen is showing, so the user clicks a link (non style href) to go view a page. 3) When that page is submitted, I can see by the log, that it calls the ExtendedProcessor and once again, realizes that the session.isNew() and it once again calls the index.jsp page. 4) After that any link the user clicks works, but if you can see the pattern, the user must click two times before the session is established. I would like to have a better handle on why this occurs, or if there is a way I can ensure that this does not happen. It is ugly when the user has to click twice, to get rolling. Thanks for any advice. On 10/24/05, Martin Gainty <[EMAIL PROTECTED]> wrote: > > Dumb Question but I have to ask > First from the doc for the method > public boolean isNew()Returns true if the client does not yet know about > the > session or if the client chooses not to join the session. For example, if > the server used only cookie-based sessions, and the client had disabled > the > use of cookies, then a session would be new on each request. > Returns: > true if the server has created a session, but the client has not yet > joined > Throws: > IllegalStateException - if this method is called on an already > invalidated session > > protected boolean processPreProcess(request, response) > { > protected boolean continuedProcessing = true; > try > { > if (request.getSession()==null)||(request.getSession().isNew() ) > { > continueProcessing = false; > response.sendredirect ("/login.jsp"); > } //end if > } //end try > catch(IllegalStateException ill) > { > out.println("IllegalStateException has been thrown the exception is > "+ill.getMessage()); > } > return continueProcessing; > } //end method > a)are you checking to ensure the getSession is NOT NULL before the isNew > test ? > b)In this scenario is the session is null or session isNew then the > method returns false are your returning true/false? > c)are you catching the IllegalStateException ??? > > Anyone else ? > M- > - Original Message - > From: "Jim Reynolds" < [EMAIL PROTECTED]> > To: > Sent: Monday, October 24, 2005 10:57 AM > Subject: Session Management Within Webapp 2 (jsessionid)s > > > I have a project which I am working on. It does not have any type of form > login. It is just a merchant-type site. > > When client hits the URL, the index.jsp calls a forward like so: > > > This of course sends the request to the struts-config.do. > > I extended the RequestProcessor to set up some session type beans that > control the site. I only create the beans if the session.isNew() returns > true. In the RequestProcessor, I can see the beans being created and set > into the session. > > Finally the request is forward to a .jsp page from the original " > welcome.do" > call. > > On the jsp page, I have some tags, with links. Since I am using tags, I > just > used some normal html style links. Not html:link calls. > > When a user requests hits a link, and calls another xxx.do, the request > goes > back to the RequestProcessor, and it thinks the session.isNew(), and I end > > up creating all the session beans again. > > After that it works as it should, but I end up with 2 (jsessionid) cookies > being created for each user? > > I am seeking advice, as to why this occured, and if this is normal > behavior, > or not-normal behavior. Upon researching the topic over the weekend, I was > unable to find any threads, about this. > > Am I doing something wrong, or possibly a logic-flaw somewhere. > > Thanks, > > < user@struts.apache.org> > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: Session Management Within Webapp 2 (jsessionid)s
Dumb Question but I have to ask First from the doc for the method public boolean isNew()Returns true if the client does not yet know about the session or if the client chooses not to join the session. For example, if the server used only cookie-based sessions, and the client had disabled the use of cookies, then a session would be new on each request. Returns: true if the server has created a session, but the client has not yet joined Throws: IllegalStateException - if this method is called on an already invalidated session protected boolean processPreProcess(request, response) { protected boolean continuedProcessing = true; try { if (request.getSession()==null)||(request.getSession().isNew() ) { continueProcessing = false; response.sendredirect("/login.jsp"); } //end if } //end try catch(IllegalStateException ill) { out.println("IllegalStateException has been thrown the exception is "+ill.getMessage()); } return continueProcessing; } //end method a)are you checking to ensure the getSession is NOT NULL before the isNew test ? b)In this scenario is the session is null or session isNew then the method returns false are your returning true/false? c)are you catching the IllegalStateException ??? Anyone else ? M- - Original Message - From: "Jim Reynolds" <[EMAIL PROTECTED]> To: Sent: Monday, October 24, 2005 10:57 AM Subject: Session Management Within Webapp 2 (jsessionid)s I have a project which I am working on. It does not have any type of form login. It is just a merchant-type site. When client hits the URL, the index.jsp calls a forward like so: This of course sends the request to the struts-config.do. I extended the RequestProcessor to set up some session type beans that control the site. I only create the beans if the session.isNew() returns true. In the RequestProcessor, I can see the beans being created and set into the session. Finally the request is forward to a .jsp page from the original "welcome.do" call. On the jsp page, I have some tags, with links. Since I am using tags, I just used some normal html style links. Not html:link calls. When a user requests hits a link, and calls another xxx.do, the request goes back to the RequestProcessor, and it thinks the session.isNew(), and I end up creating all the session beans again. After that it works as it should, but I end up with 2 (jsessionid) cookies being created for each user? I am seeking advice, as to why this occured, and if this is normal behavior, or not-normal behavior. Upon researching the topic over the weekend, I was unable to find any threads, about this. Am I doing something wrong, or possibly a logic-flaw somewhere. Thanks, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]