RE: Session problem unidentified
Hi all, Sorry for the late reply. Inside my action method the User object is populated via autowiring. Dao object is being injected as bean using spring. i dont know how to set scope for the bean. please help me in using the bean with scope. If i did anything wrong in my approach, please help in correcting the basic structure or approach. or refer any URL which suits to solve my issue. please help me Kawczynski, David wrote: How does your action class get populated with a User object (or whatever it is that is saved incorrectly)? Does Spring have any role in the creation of that object? If so, what scope is that bean defined? What's the value of the key for this object when it is saved incorrectly? -Original Message- From: MyAshok [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2008 4:07 PM To: user@struts.apache.org Subject: Session problem unidentified Hi all, I got a critical problem. My Application Environment - Struts 2 Application, Spring injection for dao, Hiberanate3 Scenerio 1) When user A logged in and add a new user x (which sets the selectedUser (gettersettervariable) to Null). 2) At the same time, user B logged in and edit a existing user (which sets the selectedUser to some value). 3) Now, the user A save the entries, this row is updated to the table for the existing user( which was selected by userB) I cant find where i went wrong. I can guess that there is a problem with session management. I cant find whether the problem with the HibernateSession or HttpSession. Can u please give me solutions. Waiting for the helpful solution with hope. With Regards, Ashok -- View this message in context: http://www.nabble.com/Session-problem-unidentified-tp19906321p19906321.h tml Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Notice: This e-mail message, together with any attachments, contains information of Merck Co., Inc. (One Merck Drive, Whitehouse Station, New Jersey, USA 08889), and/or its affiliates (which may be known outside the United States as Merck Frosst, Merck Sharp Dohme or MSD and in Japan, as Banyu - direct contact information for affiliates is available at http://www.merck.com/contact/contacts.html) that may be confidential, proprietary copyrighted and/or legally privileged. It is intended solely for the use of the individual or entity named on this message. If you are not the intended recipient, and have received this message in error, please notify us immediately by reply e-mail and then delete it from your system. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Session-problem-unidentified-tp19906321p20139739.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session problem unidentified
--- On Thu, 10/23/08, MyAshok wrote: Inside my action method the User object is populated via autowiring. Have you read the Spring documentation? This seems more a Spring issue than Struts, really. I used Google and searched for spring 2.0 session scope and the hits seemed relevant to your issue. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session problem unidentified
How does your action class get populated with a User object (or whatever it is that is saved incorrectly)? Does Spring have any role in the creation of that object? If so, what scope is that bean defined? What's the value of the key for this object when it is saved incorrectly? -Original Message- From: MyAshok [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2008 4:07 PM To: user@struts.apache.org Subject: Session problem unidentified Hi all, I got a critical problem. My Application Environment - Struts 2 Application, Spring injection for dao, Hiberanate3 Scenerio 1) When user A logged in and add a new user x (which sets the selectedUser (gettersettervariable) to Null). 2) At the same time, user B logged in and edit a existing user (which sets the selectedUser to some value). 3) Now, the user A save the entries, this row is updated to the table for the existing user( which was selected by userB) I cant find where i went wrong. I can guess that there is a problem with session management. I cant find whether the problem with the HibernateSession or HttpSession. Can u please give me solutions. Waiting for the helpful solution with hope. With Regards, Ashok -- View this message in context: http://www.nabble.com/Session-problem-unidentified-tp19906321p19906321.h tml Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Notice: This e-mail message, together with any attachments, contains information of Merck Co., Inc. (One Merck Drive, Whitehouse Station, New Jersey, USA 08889), and/or its affiliates (which may be known outside the United States as Merck Frosst, Merck Sharp Dohme or MSD and in Japan, as Banyu - direct contact information for affiliates is available at http://www.merck.com/contact/contacts.html) that may be confidential, proprietary copyrighted and/or legally privileged. It is intended solely for the use of the individual or entity named on this message. If you are not the intended recipient, and have received this message in error, please notify us immediately by reply e-mail and then delete it from your system. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session problem unidentified
--- On Thu, 10/9/08, MyAshok wrote: 1) When user A logged in and add a new user x (which sets the selectedUser (gettersettervariable) to Null). 2) At the same time, user B logged in and edit a existing user (which sets the selectedUser to some value). 3) Now, the user A save the entries, this row is updated to the table for the existing user( which was selected by userB) It's unclear to me what the problem is. Is it that the actions are editing the same instance? Or that you're not doing any sort of locking on the table? Or...? Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session problem
Re Spring IOC, I agree. The back end of the application operates using IOC, I just haven't got round to finding out what I need to do to Struts to get it to inject into an Action class, yet. Anyway, I have got to the bottom of the problem which was that despite earlier assurances, I hadn't configured the correct bean in Spring as scope=prototype, so I was always getting back the same user object. One for the Spring forum I think. Thanks for your assistance. M. I would reduce your problem to a simple class that does nothing but access only the HttpSession and see if the problem still exists, then build up around that until something blows up. I would also consider using Spring's DI/IoC to inject a user service object (generally not the same class as a user itself) into the action rather than accessing Spring's application context directly. d. -- View this message in context: http://www.nabble.com/Session-problem-tf4324658.html#a12365492 Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session problem
--- Mark Rollins [EMAIL PROTECTED] wrote: I just haven't got round to finding out what I need to do to Struts to get it to inject into an Action class, yet. Set the object factory as Spring, provide a setter in the action class, and name the Spring bean the same name as the setter, so IFooService setFooService(IFooService service) and bean name=fooService class=FooServiceImpl/ is the quickest; IIRC it defaults to autowiring by name. http://struts.apache.org/2.x/docs/spring-plugin.html d. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session problem
How are you starting a new browser from this *same* machine? If you are
pressing Ctrl-N New Window, this is your problem! This will appear to be
two browsers, when actually it is two browser windows over the same
session! You must start a second (3rd, 4th, ...) browser the way you
started the first if you truly want unique session ids.
Scott
On 8/26/07, Pavel Sapozhnikov [EMAIL PROTECTED] wrote:
Hey what does that thing implementing ApplicationAware really do for you?
On 8/26/07, Mark Rollins [EMAIL PROTECTED] wrote:
You are correct - I decided to refactor as I was pasting!! Sorry.
Rod Bollinger wrote:
This may not be the only issue but I do see a typo in setSession()...
It should be: this.session = session; instead of this.session = map;
-Rod
-Original Message-
From: Mark Rollins [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 25, 2007 05:47
To: user@struts.apache.org
Subject: Re: Session problem
This is my first Struts app, so it's quite simplistic. What I'm trying
to
achieve is to lock down certain processes so that only one user can
run
them
at a time. I intended to do this by having an application variable
holding
the User object for the user currently running the process and
examining
this prior to starting the process and reporting who was running it if
it
was already running.
All Actions extend BaseActionSupport (this is a cut down version)...
//==
public abstract class BaseActionSupport extends ActionSupport
implements
SessionAware, ApplicationAware {
protected Map session;
protected Map application;
...
public void setSession(Map session) {
this.session = map;
}
public void setApplication(Map application) {
this.application = application;
}
...
public User getUser() {
return (User) session.get(CURRENT_USER);
}
...
protected boolean setProcessLock(String lockName) throws
ActionException
{
if(lockName.equals()) throw new ActionException(Lockname
not
specified in setProcessLock);
User processLock=(User) application.get(lockName);
if(processLock!=null)
throw new ActionException(Process lock +lockName+
already
set. Use checkProcessLock() first.);
else{
application.put(lockName, this.getUser());
return true;
}
}
...
}
//==
In the LoginAction, where User bean is declared with prototype
scope...
...
ApplicationContext context = SpringUtils.getApplicationContext
();
User usr = (User) context.getBean(User);
...
if (usr.exists(userID)) {
usr.getUser(userID);
if (usr.validPassword(password)) {
logger.info(User + usr.getUserID() + logged
on.);
session.put(CURRENT_USER, usr);
return SUCCESS;
}
}
...
//==
In setProcessLock, the getUser() call returns the second user object
when
run by the first user (using the previous example). There may be no
other
actions between the login and the process commencing so the
opportunity
for
overwriting is very limited, and I don't think this is the problem
(well,
not directly anyway).
Laurie Harper wrote:
You have some cross-talk somewhere in your code, by the sound of it.
Take a look at any code that touches the session; you probably have
something somewhere that's at the wrong scope (in application scope
when
it should be session/request, a Spring bean accidentally configured
as
singleton scope, ...).
Without access to your source code, it's impossible to say much more
than that but if you can narrow it down and post the code that's
causing
the problem, someone may be able to explain why it's not working as
you
expected.
L.
MARollins wrote:
I am running everything from one machine, but access the app from
different
browsers in order to get different sessions (ie IE and Firefox). I
have
tried the second user from another machine and it didn't make any
difference.
The app also uses Spring, but I have configured this to give me a
new
user
object as required rather than the default singleton, and I'm happy
this
is
working.
When logging in for the second user, I can see that the session map
is
empty
for the new user's session, then session.put is called with the new
user
object, and this seems OK.
If I then call an action using the first user and access the session
map,
hey presto, I've got the user object from the second user.
Server is Tomcat 5.5
Re: Session problem
I'm actually using two different browsers, IE and Firefox, as I thought this would guarantee me two separate sessions. How are you starting a new browser from this *same* machine? If you are pressing Ctrl-N New Window, this is your problem! This will appear to be two browsers, when actually it is two browser windows over the same session! You must start a second (3rd, 4th, ...) browser the way you started the first if you truly want unique session ids. Scott -- View this message in context: http://www.nabble.com/Session-problem-tf4324658.html#a12354179 Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session problem
I would reduce your problem to a simple class that does nothing but access only the HttpSession and see if the problem still exists, then build up around that until something blows up. I would also consider using Spring's DI/IoC to inject a user service object (generally not the same class as a user itself) into the action rather than accessing Spring's application context directly. d. --- Mark Rollins [EMAIL PROTECTED] wrote: I'm actually using two different browsers, IE and Firefox, as I thought this would guarantee me two separate sessions. How are you starting a new browser from this *same* machine? If you are pressing Ctrl-N New Window, this is your problem! This will appear to be two browsers, when actually it is two browser windows over the same session! You must start a second (3rd, 4th, ...) browser the way you started the first if you truly want unique session ids. Scott -- View this message in context: http://www.nabble.com/Session-problem-tf4324658.html#a12354179 Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session problem
You are correct - I decided to refactor as I was pasting!! Sorry.
Rod Bollinger wrote:
This may not be the only issue but I do see a typo in setSession()...
It should be: this.session = session; instead of this.session = map;
-Rod
-Original Message-
From: Mark Rollins [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 25, 2007 05:47
To: user@struts.apache.org
Subject: Re: Session problem
This is my first Struts app, so it's quite simplistic. What I'm trying to
achieve is to lock down certain processes so that only one user can run
them
at a time. I intended to do this by having an application variable holding
the User object for the user currently running the process and examining
this prior to starting the process and reporting who was running it if it
was already running.
All Actions extend BaseActionSupport (this is a cut down version)...
//==
public abstract class BaseActionSupport extends ActionSupport implements
SessionAware, ApplicationAware {
protected Map session;
protected Map application;
...
public void setSession(Map session) {
this.session = map;
}
public void setApplication(Map application) {
this.application = application;
}
...
public User getUser() {
return (User) session.get(CURRENT_USER);
}
...
protected boolean setProcessLock(String lockName) throws
ActionException
{
if(lockName.equals()) throw new ActionException(Lockname not
specified in setProcessLock);
User processLock=(User) application.get(lockName);
if(processLock!=null)
throw new ActionException(Process lock +lockName+ already
set. Use checkProcessLock() first.);
else{
application.put(lockName, this.getUser());
return true;
}
}
...
}
//==
In the LoginAction, where User bean is declared with prototype scope...
...
ApplicationContext context = SpringUtils.getApplicationContext();
User usr = (User) context.getBean(User);
...
if (usr.exists(userID)) {
usr.getUser(userID);
if (usr.validPassword(password)) {
logger.info(User + usr.getUserID() + logged on.);
session.put(CURRENT_USER, usr);
return SUCCESS;
}
}
...
//==
In setProcessLock, the getUser() call returns the second user object when
run by the first user (using the previous example). There may be no other
actions between the login and the process commencing so the opportunity
for
overwriting is very limited, and I don't think this is the problem (well,
not directly anyway).
Laurie Harper wrote:
You have some cross-talk somewhere in your code, by the sound of it.
Take a look at any code that touches the session; you probably have
something somewhere that's at the wrong scope (in application scope when
it should be session/request, a Spring bean accidentally configured as
singleton scope, ...).
Without access to your source code, it's impossible to say much more
than that but if you can narrow it down and post the code that's causing
the problem, someone may be able to explain why it's not working as you
expected.
L.
MARollins wrote:
I am running everything from one machine, but access the app from
different
browsers in order to get different sessions (ie IE and Firefox). I have
tried the second user from another machine and it didn't make any
difference.
The app also uses Spring, but I have configured this to give me a new
user
object as required rather than the default singleton, and I'm happy this
is
working.
When logging in for the second user, I can see that the session map is
empty
for the new user's session, then session.put is called with the new user
object, and this seems OK.
If I then call an action using the first user and access the session
map,
hey presto, I've got the user object from the second user.
Server is Tomcat 5.5 and Struts is v2.
newton.dave wrote:
--- MARollins [EMAIL PROTECTED] wrote:
I'm having a problem whereby objects saved on the
Session are visible to other sessions.
For example, the login page saves a new User object
on the session using session.put (I have a base
class
for all my Actions which implements SessionAware in
order to be able to access Session variables). When
a
second user logs on, the first user then sees the
second user's ID. It's almost like we're writing to
the application rather than the session.
Any ideas where I'm going wrong?
Not with so little information to go on.
Is the second user's login happening from a
different machine and / or different browser?
d.
-
To unsubscribe, e-mail: [EMAIL
Re: Session problem
Hey what does that thing implementing ApplicationAware really do for you?
On 8/26/07, Mark Rollins [EMAIL PROTECTED] wrote:
You are correct - I decided to refactor as I was pasting!! Sorry.
Rod Bollinger wrote:
This may not be the only issue but I do see a typo in setSession()...
It should be: this.session = session; instead of this.session = map;
-Rod
-Original Message-
From: Mark Rollins [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 25, 2007 05:47
To: user@struts.apache.org
Subject: Re: Session problem
This is my first Struts app, so it's quite simplistic. What I'm trying
to
achieve is to lock down certain processes so that only one user can run
them
at a time. I intended to do this by having an application variable
holding
the User object for the user currently running the process and examining
this prior to starting the process and reporting who was running it if
it
was already running.
All Actions extend BaseActionSupport (this is a cut down version)...
//==
public abstract class BaseActionSupport extends ActionSupport implements
SessionAware, ApplicationAware {
protected Map session;
protected Map application;
...
public void setSession(Map session) {
this.session = map;
}
public void setApplication(Map application) {
this.application = application;
}
...
public User getUser() {
return (User) session.get(CURRENT_USER);
}
...
protected boolean setProcessLock(String lockName) throws
ActionException
{
if(lockName.equals()) throw new ActionException(Lockname not
specified in setProcessLock);
User processLock=(User) application.get(lockName);
if(processLock!=null)
throw new ActionException(Process lock +lockName+ already
set. Use checkProcessLock() first.);
else{
application.put(lockName, this.getUser());
return true;
}
}
...
}
//==
In the LoginAction, where User bean is declared with prototype
scope...
...
ApplicationContext context = SpringUtils.getApplicationContext
();
User usr = (User) context.getBean(User);
...
if (usr.exists(userID)) {
usr.getUser(userID);
if (usr.validPassword(password)) {
logger.info(User + usr.getUserID() + logged on.);
session.put(CURRENT_USER, usr);
return SUCCESS;
}
}
...
//==
In setProcessLock, the getUser() call returns the second user object
when
run by the first user (using the previous example). There may be no
other
actions between the login and the process commencing so the opportunity
for
overwriting is very limited, and I don't think this is the problem
(well,
not directly anyway).
Laurie Harper wrote:
You have some cross-talk somewhere in your code, by the sound of it.
Take a look at any code that touches the session; you probably have
something somewhere that's at the wrong scope (in application scope
when
it should be session/request, a Spring bean accidentally configured as
singleton scope, ...).
Without access to your source code, it's impossible to say much more
than that but if you can narrow it down and post the code that's
causing
the problem, someone may be able to explain why it's not working as you
expected.
L.
MARollins wrote:
I am running everything from one machine, but access the app from
different
browsers in order to get different sessions (ie IE and Firefox). I
have
tried the second user from another machine and it didn't make any
difference.
The app also uses Spring, but I have configured this to give me a new
user
object as required rather than the default singleton, and I'm happy
this
is
working.
When logging in for the second user, I can see that the session map is
empty
for the new user's session, then session.put is called with the new
user
object, and this seems OK.
If I then call an action using the first user and access the session
map,
hey presto, I've got the user object from the second user.
Server is Tomcat 5.5 and Struts is v2.
newton.dave wrote:
--- MARollins [EMAIL PROTECTED] wrote:
I'm having a problem whereby objects saved on the
Session are visible to other sessions.
For example, the login page saves a new User object
on the session using session.put (I have a base
class
for all my Actions which implements SessionAware in
order to be able to access Session variables). When
a
second user logs on, the first user then sees the
second user's ID. It's almost like we're writing to
the application rather than the session.
Any ideas where I'm going wrong
Re: Session problem
This is my first Struts app, so it's quite simplistic. What I'm trying to
achieve is to lock down certain precesses so that only one user can run them
at a time. I intended to do this by having an application variable holding
the User object for the user currently running the process and examining
this prior to starting the process and reporting who was running it if it
was already running.
All Actions extend BaseActionSupport (this is a cut down version)...
//==
public abstract class BaseActionSupport extends ActionSupport implements
SessionAware, ApplicationAware {
protected Map session;
protected Map application;
...
public void setSession(Map session) {
this.session = map;
}
public void setApplication(Map application) {
this.application = application;
}
...
public User getUser() {
return (User) session.get(CURRENT_USER);
}
...
protected boolean setProcessLock(String lockName) throws ActionException
{
if(lockName.equals()) throw new ActionException(Lockname not
specified in setProcessLock);
User processLock=(User) application.get(lockName);
if(processLock!=null)
throw new ActionException(Process lock +lockName+ already
set. Use checkProcessLock() first.);
else{
application.put(lockName, this.getUser());
return true;
}
}
...
}
//==
In the LoginAction, where User bean is declared with prototype scope...
...
ApplicationContext context = SpringUtils.getApplicationContext();
User usr = (User) context.getBean(User);
...
if (usr.exists(userID)) {
usr.getUser(userID);
if (usr.validPassword(password)) {
logger.info(User + usr.getUserID() + logged on.);
session.put(CURRENT_USER, usr);
return SUCCESS;
}
}
...
//==
In setProcessLock, the getUser() call returns the second user object when
run by the first user (using the previous example). There may be no other
actions between the login and the process commencing so the opportunity for
overwriting is very limited, and I don't think this is the problem (well,
not directly anyway).
Laurie Harper wrote:
You have some cross-talk somewhere in your code, by the sound of it.
Take a look at any code that touches the session; you probably have
something somewhere that's at the wrong scope (in application scope when
it should be session/request, a Spring bean accidentally configured as
singleton scope, ...).
Without access to your source code, it's impossible to say much more
than that but if you can narrow it down and post the code that's causing
the problem, someone may be able to explain why it's not working as you
expected.
L.
MARollins wrote:
I am running everything from one machine, but access the app from
different
browsers in order to get different sessions (ie IE and Firefox). I have
tried the second user from another machine and it didn't make any
difference.
The app also uses Spring, but I have configured this to give me a new
user
object as required rather than the default singleton, and I'm happy this
is
working.
When logging in for the second user, I can see that the session map is
empty
for the new user's session, then session.put is called with the new user
object, and this seems OK.
If I then call an action using the first user and access the session map,
hey presto, I've got the user object from the second user.
Server is Tomcat 5.5 and Struts is v2.
newton.dave wrote:
--- MARollins [EMAIL PROTECTED] wrote:
I'm having a problem whereby objects saved on the
Session are visible to other sessions.
For example, the login page saves a new User object
on the session using session.put (I have a base
class
for all my Actions which implements SessionAware in
order to be able to access Session variables). When
a
second user logs on, the first user then sees the
second user's ID. It's almost like we're writing to
the application rather than the session.
Any ideas where I'm going wrong?
Not with so little information to go on.
Is the second user's login happening from a
different machine and / or different browser?
d.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/Session-problem-tf4324658.html#a12324676
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL
RE: Session problem
This may not be the only issue but I do see a typo in setSession()...
It should be: this.session = session; instead of this.session = map;
-Rod
-Original Message-
From: Mark Rollins [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 25, 2007 05:47
To: user@struts.apache.org
Subject: Re: Session problem
This is my first Struts app, so it's quite simplistic. What I'm trying to
achieve is to lock down certain processes so that only one user can run them
at a time. I intended to do this by having an application variable holding
the User object for the user currently running the process and examining
this prior to starting the process and reporting who was running it if it
was already running.
All Actions extend BaseActionSupport (this is a cut down version)...
//==
public abstract class BaseActionSupport extends ActionSupport implements
SessionAware, ApplicationAware {
protected Map session;
protected Map application;
...
public void setSession(Map session) {
this.session = map;
}
public void setApplication(Map application) {
this.application = application;
}
...
public User getUser() {
return (User) session.get(CURRENT_USER);
}
...
protected boolean setProcessLock(String lockName) throws ActionException
{
if(lockName.equals()) throw new ActionException(Lockname not
specified in setProcessLock);
User processLock=(User) application.get(lockName);
if(processLock!=null)
throw new ActionException(Process lock +lockName+ already
set. Use checkProcessLock() first.);
else{
application.put(lockName, this.getUser());
return true;
}
}
...
}
//==
In the LoginAction, where User bean is declared with prototype scope...
...
ApplicationContext context = SpringUtils.getApplicationContext();
User usr = (User) context.getBean(User);
...
if (usr.exists(userID)) {
usr.getUser(userID);
if (usr.validPassword(password)) {
logger.info(User + usr.getUserID() + logged on.);
session.put(CURRENT_USER, usr);
return SUCCESS;
}
}
...
//==
In setProcessLock, the getUser() call returns the second user object when
run by the first user (using the previous example). There may be no other
actions between the login and the process commencing so the opportunity for
overwriting is very limited, and I don't think this is the problem (well,
not directly anyway).
Laurie Harper wrote:
You have some cross-talk somewhere in your code, by the sound of it.
Take a look at any code that touches the session; you probably have
something somewhere that's at the wrong scope (in application scope when
it should be session/request, a Spring bean accidentally configured as
singleton scope, ...).
Without access to your source code, it's impossible to say much more
than that but if you can narrow it down and post the code that's causing
the problem, someone may be able to explain why it's not working as you
expected.
L.
MARollins wrote:
I am running everything from one machine, but access the app from
different
browsers in order to get different sessions (ie IE and Firefox). I have
tried the second user from another machine and it didn't make any
difference.
The app also uses Spring, but I have configured this to give me a new
user
object as required rather than the default singleton, and I'm happy this
is
working.
When logging in for the second user, I can see that the session map is
empty
for the new user's session, then session.put is called with the new user
object, and this seems OK.
If I then call an action using the first user and access the session map,
hey presto, I've got the user object from the second user.
Server is Tomcat 5.5 and Struts is v2.
newton.dave wrote:
--- MARollins [EMAIL PROTECTED] wrote:
I'm having a problem whereby objects saved on the
Session are visible to other sessions.
For example, the login page saves a new User object
on the session using session.put (I have a base
class
for all my Actions which implements SessionAware in
order to be able to access Session variables). When
a
second user logs on, the first user then sees the
second user's ID. It's almost like we're writing to
the application rather than the session.
Any ideas where I'm going wrong?
Not with so little information to go on.
Is the second user's login happening from a
different machine and / or different browser?
d.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED
Re: Session problem
--- MARollins [EMAIL PROTECTED] wrote: I'm having a problem whereby objects saved on the Session are visible to other sessions. For example, the login page saves a new User object on the session using session.put (I have a base class for all my Actions which implements SessionAware in order to be able to access Session variables). When a second user logs on, the first user then sees the second user's ID. It's almost like we're writing to the application rather than the session. Any ideas where I'm going wrong? Not with so little information to go on. Is the second user's login happening from a different machine and / or different browser? d. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session problem
I am running everything from one machine, but access the app from different browsers in order to get different sessions (ie IE and Firefox). I have tried the second user from another machine and it didn't make any difference. The app also uses Spring, but I have configured this to give me a new user object as required rather than the default singleton, and I'm happy this is working. When logging in for the second user, I can see that the session map is empty for the new user's session, then session.put is called with the new user object, and this seems OK. If I then call an action using the first user and access the session map, hey presto, I've got the user object from the second user. Server is Tomcat 5.5 and Struts is v2. newton.dave wrote: --- MARollins [EMAIL PROTECTED] wrote: I'm having a problem whereby objects saved on the Session are visible to other sessions. For example, the login page saves a new User object on the session using session.put (I have a base class for all my Actions which implements SessionAware in order to be able to access Session variables). When a second user logs on, the first user then sees the second user's ID. It's almost like we're writing to the application rather than the session. Any ideas where I'm going wrong? Not with so little information to go on. Is the second user's login happening from a different machine and / or different browser? d. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Session-problem-tf4324658.html#a12318960 Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session problem
You have some cross-talk somewhere in your code, by the sound of it. Take a look at any code that touches the session; you probably have something somewhere that's at the wrong scope (in application scope when it should be session/request, a Spring bean accidentally configured as singleton scope, ...). Without access to your source code, it's impossible to say much more than that but if you can narrow it down and post the code that's causing the problem, someone may be able to explain why it's not working as you expected. L. MARollins wrote: I am running everything from one machine, but access the app from different browsers in order to get different sessions (ie IE and Firefox). I have tried the second user from another machine and it didn't make any difference. The app also uses Spring, but I have configured this to give me a new user object as required rather than the default singleton, and I'm happy this is working. When logging in for the second user, I can see that the session map is empty for the new user's session, then session.put is called with the new user object, and this seems OK. If I then call an action using the first user and access the session map, hey presto, I've got the user object from the second user. Server is Tomcat 5.5 and Struts is v2. newton.dave wrote: --- MARollins [EMAIL PROTECTED] wrote: I'm having a problem whereby objects saved on the Session are visible to other sessions. For example, the login page saves a new User object on the session using session.put (I have a base class for all my Actions which implements SessionAware in order to be able to access Session variables). When a second user logs on, the first user then sees the second user's ID. It's almost like we're writing to the application rather than the session. Any ideas where I'm going wrong? Not with so little information to go on. Is the second user's login happening from a different machine and / or different browser? d. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Session problem
The key is to not put anything in your session. Actions are the obvious place to look for things being stuffed into the session (via request.getSession().get/setAttribute()), but you might have a filter that creates a session as part of what it does, or an action that has a session-scoped form in struts-config.xml. If you want to only test for the existance of a session in your action, don't forget to call request.getSession(false) and then check the return for null. See the javadoc: http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpServletRequest.html#getSession(boolean) Also, if you have other webapps on the web server, they might be using sessions in their webapps, so anything you do in yours will be for naught. -ed On 12/6/05, Baker, Russ A [EMAIL PROTECTED] wrote: It is Weblogic. I am using a graceful shutdown so that if people still have open sessions, they can complete what they are doing. The other alternative is to force shutdown, but I am afraid I will make enemies if I do that... -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Laurie Harper Sent: Tuesday, December 06, 2005 3:53 PM To: user@struts.apache.org Subject: Re: Session problem Baker, Russ A wrote: Hello, I am trying to figure out how to stop Struts from creating a session. What seems to happen is that once I call an action, a session is created. This is a problem because when I want to gracefully shut down my server, it complains that I still have an active session. Is there a way to configure Struts so that it does not create a session when an action is called? A session is created the first time something accesses it. Since Struts stores various things in session scope, I don't think you can avoid having one created. What container are you using? It seems like an odd behaviour to refuse to shut down if there are any active sessions... Are you sure it's referring to an HTTP session (as opposed, for example, to a Hibernate session or something)? L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session problem
One second is much too short as most users won't be able to enter data on a web form and click submit :-) but one or two minutes might be more realistic. However, even with a suitably short timeout, if a user is actively submitting forms or requesting pages, the session will never go away so the server won't go down. If this is a production system, you might try persisting the sessions or go with a cluster with sessions persisted between them with a front-end server (could be apache+mod_jk) that will round-robin requests and automatically direct requests to the box that's up if one goes down. This is a lot of work to configure and run, and my suspicion is this is overkill for your setup :-) -ed On 12/6/05, Ross Gibb [EMAIL PROTECTED] wrote: Your second post seems to contradict your first post. The users are going to more mad at losing their session or the application entirely? Do you mean you want the sessions to persist through server restart? I have no idea if Weblogic supports that. A hacky solution off the top of my head would be to set the session timeout extremely low. Like zero or 1 second, I guess the sessions wouldn't be around for that long. This solution may have unintended side effects as many of my hacky solutions do. Ross Baker, Russ A wrote: It is Weblogic. I am using a graceful shutdown so that if people still have open sessions, they can complete what they are doing. The other alternative is to force shutdown, but I am afraid I will make enemies if I do that... -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Laurie Harper Sent: Tuesday, December 06, 2005 3:53 PM To: user@struts.apache.org Subject: Re: Session problem Baker, Russ A wrote: Hello, I am trying to figure out how to stop Struts from creating a session. What seems to happen is that once I call an action, a session is created. This is a problem because when I want to gracefully shut down my server, it complains that I still have an active session. Is there a way to configure Struts so that it does not create a session when an action is called? A session is created the first time something accesses it. Since Struts stores various things in session scope, I don't think you can avoid having one created. What container are you using? It seems like an odd behaviour to refuse to shut down if there are any active sessions... Are you sure it's referring to an HTTP session (as opposed, for example, to a Hibernate session or something)? L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Re: Session problem
Hi, Here's my take on the subject The key here is that you want the users to finish what they are doing before you let the server shut down. This means a few things: 1. If the webapp uses the concept of logging in, new login sessions shouldn't be allowed. Attempts to login should be responded to with some sort of error: The server is being shutdown... 2. Existing sessions should be invalidated as soon as their next request has been submitted, and the response should be redirected to an error message The server is being shutdown. For example, the when user clicks: check mail, a request is generated to the server(which calls a Struts action); respond to this request by invalidating the session, and redirecting to an error page. 2.a. There is an exception to this case: What if the user is in the middle of a multi-step process. For example step 2 of the shopping cart checkout process. In this case, you would want to postpone calling session.invalidate() until after the checkout transaction is complete. We will call these multi-step transactions. To facilitate these items, you will need some method of informing your webapplication that the server is going to be shutdown. One way to do this would be to set a flag in the application context; another way is to create a lock file; yet another way is to set a flag in a database. Once the webapp has been informed that the server is going to be shutdown, wait until all the user sessions have been invalidated, and shut it down. I have thought about this subject on a number of occasions, but have never implemented it. I would be glad to hear of any feedback. Thanks, James -Original Message- From: Ed Griebel [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 10:09 AM To: Struts Users Mailing List Subject: Re: Re: Session problem The key is to not put anything in your session. Actions are the obvious place to look for things being stuffed into the session (via request.getSession().get/setAttribute()), but you might have a filter that creates a session as part of what it does, or an action that has a session-scoped form in struts-config.xml. If you want to only test for the existance of a session in your action, don't forget to call request.getSession(false) and then check the return for null. See the javadoc: http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpServletRequest.html#getSession(boolean) Also, if you have other webapps on the web server, they might be using sessions in their webapps, so anything you do in yours will be for naught. -ed On 12/6/05, Baker, Russ A [EMAIL PROTECTED] wrote: It is Weblogic. I am using a graceful shutdown so that if people still have open sessions, they can complete what they are doing. The other alternative is to force shutdown, but I am afraid I will make enemies if I do that... -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Laurie Harper Sent: Tuesday, December 06, 2005 3:53 PM To: user@struts.apache.org Subject: Re: Session problem Baker, Russ A wrote: Hello, I am trying to figure out how to stop Struts from creating a session. What seems to happen is that once I call an action, a session is created. This is a problem because when I want to gracefully shut down my server, it complains that I still have an active session. Is there a way to configure Struts so that it does not create a session when an action is called? A session is created the first time something accesses it. Since Struts stores various things in session scope, I don't think you can avoid having one created. What container are you using? It seems like an odd behaviour to refuse to shut down if there are any active sessions... Are you sure it's referring to an HTTP session (as opposed, for example, to a Hibernate session or something)? L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session problem
Ok, well I just verified that it is not weblogic automatically creating a session. Struts is definitely creating the session when I call an action. I also verified that no session is created at any point when I hit my action. So I am guessing that the controller is creating the session. Is it possibly creating a session and putting the default locale in it? -Original Message- From: Ed Griebel [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 8:22 AM To: Struts Users Mailing List Subject: Re: Session problem One second is much too short as most users won't be able to enter data on a web form and click submit :-) but one or two minutes might be more realistic. However, even with a suitably short timeout, if a user is actively submitting forms or requesting pages, the session will never go away so the server won't go down. If this is a production system, you might try persisting the sessions or go with a cluster with sessions persisted between them with a front-end server (could be apache+mod_jk) that will round-robin requests and automatically direct requests to the box that's up if one goes down. This is a lot of work to configure and run, and my suspicion is this is overkill for your setup :-) -ed On 12/6/05, Ross Gibb [EMAIL PROTECTED] wrote: Your second post seems to contradict your first post. The users are going to more mad at losing their session or the application entirely? Do you mean you want the sessions to persist through server restart? I have no idea if Weblogic supports that. A hacky solution off the top of my head would be to set the session timeout extremely low. Like zero or 1 second, I guess the sessions wouldn't be around for that long. This solution may have unintended side effects as many of my hacky solutions do. Ross Baker, Russ A wrote: It is Weblogic. I am using a graceful shutdown so that if people still have open sessions, they can complete what they are doing. The other alternative is to force shutdown, but I am afraid I will make enemies if I do that... -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Laurie Harper Sent: Tuesday, December 06, 2005 3:53 PM To: user@struts.apache.org Subject: Re: Session problem Baker, Russ A wrote: Hello, I am trying to figure out how to stop Struts from creating a session. What seems to happen is that once I call an action, a session is created. This is a problem because when I want to gracefully shut down my server, it complains that I still have an active session. Is there a way to configure Struts so that it does not create a session when an action is called? A session is created the first time something accesses it. Since Struts stores various things in session scope, I don't think you can avoid having one created. What container are you using? It seems like an odd behaviour to refuse to shut down if there are any active sessions... Are you sure it's referring to an HTTP session (as opposed, for example, to a Hibernate session or something)? L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Re: Session problem
No, sorry if I was being vague. I don't want Struts to create a session simply by accessing an action; I want to control the number of sessions being handed out. All of my pages are using Tiles, so to call for instance the login page, which doesn't create a session; I have to call an action so that the page is rendered using the Tiles framework. A session is created by virtue of them just getting to the login page. If the user logs in successfully to the system they now have 2 sessions instead the desired result having only one that is assigned to them when they successful login. That is a waste of memory! So what I was getting at with the I don't want to piss off the users by shutting down the system while they are still on it... was that Weblogic is telling me that there are active sessions, even though I have invalidated the session once the user logs out. So I don't know if a person is still logged in, or if it is those extra sessions that are being handed out by Struts. Capiche? -Original Message- From: James Harig [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 9:53 AM To: Struts Users Mailing List Subject: RE: Re: Session problem Hi, Here's my take on the subject The key here is that you want the users to finish what they are doing before you let the server shut down. This means a few things: 1. If the webapp uses the concept of logging in, new login sessions shouldn't be allowed. Attempts to login should be responded to with some sort of error: The server is being shutdown... 2. Existing sessions should be invalidated as soon as their next request has been submitted, and the response should be redirected to an error message The server is being shutdown. For example, the when user clicks: check mail, a request is generated to the server(which calls a Struts action); respond to this request by invalidating the session, and redirecting to an error page. 2.a. There is an exception to this case: What if the user is in the middle of a multi-step process. For example step 2 of the shopping cart checkout process. In this case, you would want to postpone calling session.invalidate() until after the checkout transaction is complete. We will call these multi-step transactions. To facilitate these items, you will need some method of informing your webapplication that the server is going to be shutdown. One way to do this would be to set a flag in the application context; another way is to create a lock file; yet another way is to set a flag in a database. Once the webapp has been informed that the server is going to be shutdown, wait until all the user sessions have been invalidated, and shut it down. I have thought about this subject on a number of occasions, but have never implemented it. I would be glad to hear of any feedback. Thanks, James -Original Message- From: Ed Griebel [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 10:09 AM To: Struts Users Mailing List Subject: Re: Re: Session problem The key is to not put anything in your session. Actions are the obvious place to look for things being stuffed into the session (via request.getSession().get/setAttribute()), but you might have a filter that creates a session as part of what it does, or an action that has a session-scoped form in struts-config.xml. If you want to only test for the existance of a session in your action, don't forget to call request.getSession(false) and then check the return for null. See the javadoc: http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpSer vletRequest.html#getSession(boolean) Also, if you have other webapps on the web server, they might be using sessions in their webapps, so anything you do in yours will be for naught. -ed On 12/6/05, Baker, Russ A [EMAIL PROTECTED] wrote: It is Weblogic. I am using a graceful shutdown so that if people still have open sessions, they can complete what they are doing. The other alternative is to force shutdown, but I am afraid I will make enemies if I do that... -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Laurie Harper Sent: Tuesday, December 06, 2005 3:53 PM To: user@struts.apache.org Subject: Re: Session problem Baker, Russ A wrote: Hello, I am trying to figure out how to stop Struts from creating a session. What seems to happen is that once I call an action, a session is created. This is a problem because when I want to gracefully shut down my server, it complains that I still have an active session. Is there a way to configure Struts so that it does not create a session when an action is called? A session is created the first time something accesses it. Since Struts stores various things in session scope, I don't think you can avoid having one created. What container are you using? It seems like an odd behaviour to refuse to shut down if there are any active sessions... Are you sure it's referring to an HTTP
RE: Re: Session problem
Hi Russ, No, sorry if I was being vague. No problem. I don't want Struts to create a session simply by accessing an action; I want to control the number of sessions being handed out. I don't believe that this is possible. The session creation happens at the servlet container level(in your case Weblogic); and sessions(if they dont exist), implicitly for each request. A session is created by virtue of them just getting to the login page. Yes, this is true. Weblogic is telling me that there are active sessions, even though I have invalidated the session once the user logs out. So I don't know if a person is still logged in, or if it is those extra sessions that are being handed out by Struts. It sounds like you need to implement the concept of LoginSession, to count the number of users that are logged in. -Original Message- From: Baker, Russ A [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 12:10 PM To: Struts Users Mailing List Subject: RE: Re: Session problem No, sorry if I was being vague. I don't want Struts to create a session simply by accessing an action; I want to control the number of sessions being handed out. All of my pages are using Tiles, so to call for instance the login page, which doesn't create a session; I have to call an action so that the page is rendered using the Tiles framework. A session is created by virtue of them just getting to the login page. If the user logs in successfully to the system they now have 2 sessions instead the desired result having only one that is assigned to them when they successful login. That is a waste of memory! So what I was getting at with the I don't want to piss off the users by shutting down the system while they are still on it... was that Weblogic is telling me that there are active sessions, even though I have invalidated the session once the user logs out. So I don't know if a person is still logged in, or if it is those extra sessions that are being handed out by Struts. Capiche? -Original Message- From: James Harig [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 9:53 AM To: Struts Users Mailing List Subject: RE: Re: Session problem Hi, Here's my take on the subject The key here is that you want the users to finish what they are doing before you let the server shut down. This means a few things: 1. If the webapp uses the concept of logging in, new login sessions shouldn't be allowed. Attempts to login should be responded to with some sort of error: The server is being shutdown... 2. Existing sessions should be invalidated as soon as their next request has been submitted, and the response should be redirected to an error message The server is being shutdown. For example, the when user clicks: check mail, a request is generated to the server(which calls a Struts action); respond to this request by invalidating the session, and redirecting to an error page. 2.a. There is an exception to this case: What if the user is in the middle of a multi-step process. For example step 2 of the shopping cart checkout process. In this case, you would want to postpone calling session.invalidate() until after the checkout transaction is complete. We will call these multi-step transactions. To facilitate these items, you will need some method of informing your webapplication that the server is going to be shutdown. One way to do this would be to set a flag in the application context; another way is to create a lock file; yet another way is to set a flag in a database. Once the webapp has been informed that the server is going to be shutdown, wait until all the user sessions have been invalidated, and shut it down. I have thought about this subject on a number of occasions, but have never implemented it. I would be glad to hear of any feedback. Thanks, James -Original Message- From: Ed Griebel [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 10:09 AM To: Struts Users Mailing List Subject: Re: Re: Session problem The key is to not put anything in your session. Actions are the obvious place to look for things being stuffed into the session (via request.getSession().get/setAttribute()), but you might have a filter that creates a session as part of what it does, or an action that has a session-scoped form in struts-config.xml. If you want to only test for the existance of a session in your action, don't forget to call request.getSession(false) and then check the return for null. See the javadoc: http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpSer vletRequest.html#getSession(boolean) Also, if you have other webapps on the web server, they might be using sessions in their webapps, so anything you do in yours will be for naught. -ed On 12/6/05, Baker, Russ A [EMAIL PROTECTED] wrote: It is Weblogic. I am using a graceful shutdown so that if people still have open sessions, they can complete what they are doing. The other
RE: Re: Session problem
James Harig [EMAIL PROTECTED] wrote on 12/07/2005 11:53:15 AM: To facilitate these items, you will need some method of informing your webapplication that the server is going to be shutdown. One way to do this would be to set a flag in the application context; another way is to create a lock file; yet another way is to set a flag in a database. Could you not do this via a ServletContextListener..? I have thought about this subject on a number of occasions, but have never implemented it. I would be glad to hear of any feedback. Thanks, James Regards, Geeta
RE: Re: Session problem
I did a quick walkthrough the Struts code and it *looks* like nothing in the code should create a session for a simple request. Manually setting the locale will do it, as will having beans in session-scope, and probably a few other places, but a simple request shouldn't. I would suggest simply grabbing the source for the version your using a doing a global search for getSession(true) or getSession() and see if any of those calls will affect you. Alternatively, hook up a debugger and walk through it starting from ActionServlet.process() and see what you see. However, as another posted pointed out, accessing a JSP will create a session too, unless you specify that you do not want that. To do so, add: %@ page language=java session=false % ...to the top of the JSPs where you do not want a session created (like your login page for instance). See if that does the trick for you. I agree with others that there is probably a better way to deal with your core problem, but this might help you do what your trying to do none the less. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM: fzammetti Yahoo: fzammetti MSN: [EMAIL PROTECTED] On Wed, December 7, 2005 12:25 pm, James Harig said: Hi Russ, No, sorry if I was being vague. No problem. I don't want Struts to create a session simply by accessing an action; I want to control the number of sessions being handed out. I don't believe that this is possible. The session creation happens at the servlet container level(in your case Weblogic); and sessions(if they dont exist), implicitly for each request. A session is created by virtue of them just getting to the login page. Yes, this is true. Weblogic is telling me that there are active sessions, even though I have invalidated the session once the user logs out. So I don't know if a person is still logged in, or if it is those extra sessions that are being handed out by Struts. It sounds like you need to implement the concept of LoginSession, to count the number of users that are logged in. -Original Message- From: Baker, Russ A [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 12:10 PM To: Struts Users Mailing List Subject: RE: Re: Session problem No, sorry if I was being vague. I don't want Struts to create a session simply by accessing an action; I want to control the number of sessions being handed out. All of my pages are using Tiles, so to call for instance the login page, which doesn't create a session; I have to call an action so that the page is rendered using the Tiles framework. A session is created by virtue of them just getting to the login page. If the user logs in successfully to the system they now have 2 sessions instead the desired result having only one that is assigned to them when they successful login. That is a waste of memory! So what I was getting at with the I don't want to piss off the users by shutting down the system while they are still on it... was that Weblogic is telling me that there are active sessions, even though I have invalidated the session once the user logs out. So I don't know if a person is still logged in, or if it is those extra sessions that are being handed out by Struts. Capiche? -Original Message- From: James Harig [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 9:53 AM To: Struts Users Mailing List Subject: RE: Re: Session problem Hi, Here's my take on the subject The key here is that you want the users to finish what they are doing before you let the server shut down. This means a few things: 1. If the webapp uses the concept of logging in, new login sessions shouldn't be allowed. Attempts to login should be responded to with some sort of error: The server is being shutdown... 2. Existing sessions should be invalidated as soon as their next request has been submitted, and the response should be redirected to an error message The server is being shutdown. For example, the when user clicks: check mail, a request is generated to the server(which calls a Struts action); respond to this request by invalidating the session, and redirecting to an error page. 2.a. There is an exception to this case: What if the user is in the middle of a multi-step process. For example step 2 of the shopping cart checkout process. In this case, you would want to postpone calling session.invalidate() until after the checkout transaction is complete. We will call these multi-step transactions. To facilitate these items, you will need some method of informing your webapplication that the server is going to be shutdown. One way to do this would be to set a flag in the application context; another way is to create a lock file; yet another way is to set a flag in a database. Once the webapp has been informed that the server is going to be shutdown, wait until all the user sessions have been invalidated
RE: Re: Session problem
To facilitate these items, you will need some method of informing your webapplication that the server is going to be shutdown. One way to do this would be to set a flag in the application context; another way is to create a lock file; yet another way is to set a flag in a database. Could you not do this via a ServletContextListener..? No, I don't believe that would work. The ServletContextListener.contextInitialized(..) method would be invoked as part of the web app context being shut down; but there is no way to stop the shutdown process once it starts. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 12:40 PM To: Struts Users Mailing List Cc: Struts Users Mailing List Subject: RE: Re: Session problem James Harig [EMAIL PROTECTED] wrote on 12/07/2005 11:53:15 AM: To facilitate these items, you will need some method of informing your webapplication that the server is going to be shutdown. One way to do this would be to set a flag in the application context; another way is to create a lock file; yet another way is to set a flag in a database. Could you not do this via a ServletContextListener..? I have thought about this subject on a number of occasions, but have never implemented it. I would be glad to hear of any feedback. Thanks, James Regards, Geeta - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Re: Session problem
James Harig [EMAIL PROTECTED] wrote on 12/07/2005 12:50:06 PM: To facilitate these items, you will need some method of informing your webapplication that the server is going to be shutdown. One way to do this would be to set a flag in the application context; another way is to create a lock file; yet another way is to set a flag in a database. Could you not do this via a ServletContextListener..? No, I don't believe that would work. The ServletContextListener. contextInitialized(..) method would be invoked as part of the web app context being shut down; but there is no way to stop the shutdown process once it starts. The API for contextDestroyed says Notification that the servlet context is about to be shut down. . Going by the about to be I would have thought the contextDestroyed method would be executed first? Geeta
RE: Re: Session problem
James Harig [EMAIL PROTECTED] wrote on 12/07/2005 12:50:06 PM: To facilitate these items, you will need some method of informing your webapplication that the server is going to be shutdown. One way to do this would be to set a flag in the application context; another way is to create a lock file; yet another way is to set a flag in a database. Could you not do this via a ServletContextListener..? No, I don't believe that would work. The ServletContextListener. contextInitialized(..) method would be invoked as part of the web app context being shut down; but there is no way to stop the shutdown process once it starts. Anyways here is a nice link about this stuff: http://www.stardeveloper.com/articles/display.html?article=200901page=1 Also talks about counting the number of active users. (I haven't looked at it myself..;)) Geeta
Re: Session problem
Baker, Russ A wrote: A session is created by virtue of them just getting to the login page. If the user logs in successfully to the system they now have 2 sessions instead the desired result having only one that is assigned to them when they successful login. That is a waste of memory! Two sessions? I don't know what you mean by that. A user has a single session. Even if they _did_ have two, once one was no longer being referenced it would (probably) be GC'd anyway. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session problem
So then where is that straggler session coming from? -Original Message- From: Dave Newton [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 11:34 AM To: Struts Users Mailing List Subject: Re: Session problem Baker, Russ A wrote: A session is created by virtue of them just getting to the login page. If the user logs in successfully to the system they now have 2 sessions instead the desired result having only one that is assigned to them when they successful login. That is a waste of memory! Two sessions? I don't know what you mean by that. A user has a single session. Even if they _did_ have two, once one was no longer being referenced it would (probably) be GC'd anyway. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session problem
It is likely created for reasons of security. Consider this scenario: 1. User accesses app without encryption, gets a session 2. Theif is watching traffic and grabs their jsessionid 3. User logs into app via encrypted connection 4. Hacker now has access to logged-in session via the jsessionid he grabbed earlier To combat this scenario, the container will create a new session when the user authenticates. Presumably, this new sessionid will never be sent over the network without encryption, so the logged-in session is safe. So, I realize that doesn't solve you issue at all, but I think that is why you are seeing two sessions per user (rather than just one). -Max On Wed, 2005-12-07 at 11:36 -0700, Baker, Russ A wrote: So then where is that straggler session coming from? -Original Message- From: Dave Newton [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 11:34 AM To: Struts Users Mailing List Subject: Re: Session problem Baker, Russ A wrote: A session is created by virtue of them just getting to the login page. If the user logs in successfully to the system they now have 2 sessions instead the desired result having only one that is assigned to them when they successful login. That is a waste of memory! Two sessions? I don't know what you mean by that. A user has a single session. Even if they _did_ have two, once one was no longer being referenced it would (probably) be GC'd anyway. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session problem
What server are you using? Baker, Russ A wrote: Hello, I am trying to figure out how to stop Struts from creating a session. What seems to happen is that once I call an action, a session is created. This is a problem because when I want to gracefully shut down my server, it complains that I still have an active session. Is there a way to configure Struts so that it does not create a session when an action is called? Thanks in advance, Russ Baker - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session problem
Baker, Russ A wrote: Hello, I am trying to figure out how to stop Struts from creating a session. What seems to happen is that once I call an action, a session is created. This is a problem because when I want to gracefully shut down my server, it complains that I still have an active session. Is there a way to configure Struts so that it does not create a session when an action is called? A session is created the first time something accesses it. Since Struts stores various things in session scope, I don't think you can avoid having one created. What container are you using? It seems like an odd behaviour to refuse to shut down if there are any active sessions... Are you sure it's referring to an HTTP session (as opposed, for example, to a Hibernate session or something)? L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Re: Session problem
It is Weblogic. I am using a graceful shutdown so that if people still have open sessions, they can complete what they are doing. The other alternative is to force shutdown, but I am afraid I will make enemies if I do that... -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Laurie Harper Sent: Tuesday, December 06, 2005 3:53 PM To: user@struts.apache.org Subject: Re: Session problem Baker, Russ A wrote: Hello, I am trying to figure out how to stop Struts from creating a session. What seems to happen is that once I call an action, a session is created. This is a problem because when I want to gracefully shut down my server, it complains that I still have an active session. Is there a way to configure Struts so that it does not create a session when an action is called? A session is created the first time something accesses it. Since Struts stores various things in session scope, I don't think you can avoid having one created. What container are you using? It seems like an odd behaviour to refuse to shut down if there are any active sessions... Are you sure it's referring to an HTTP session (as opposed, for example, to a Hibernate session or something)? L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session problem
Your second post seems to contradict your first post. The users are going to more mad at losing their session or the application entirely? Do you mean you want the sessions to persist through server restart? I have no idea if Weblogic supports that. A hacky solution off the top of my head would be to set the session timeout extremely low. Like zero or 1 second, I guess the sessions wouldn't be around for that long. This solution may have unintended side effects as many of my hacky solutions do. Ross Baker, Russ A wrote: It is Weblogic. I am using a graceful shutdown so that if people still have open sessions, they can complete what they are doing. The other alternative is to force shutdown, but I am afraid I will make enemies if I do that... -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Laurie Harper Sent: Tuesday, December 06, 2005 3:53 PM To: user@struts.apache.org Subject: Re: Session problem Baker, Russ A wrote: Hello, I am trying to figure out how to stop Struts from creating a session. What seems to happen is that once I call an action, a session is created. This is a problem because when I want to gracefully shut down my server, it complains that I still have an active session. Is there a way to configure Struts so that it does not create a session when an action is called? A session is created the first time something accesses it. Since Struts stores various things in session scope, I don't think you can avoid having one created. What container are you using? It seems like an odd behaviour to refuse to shut down if there are any active sessions... Are you sure it's referring to an HTTP session (as opposed, for example, to a Hibernate session or something)? L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session problem
The session is not created by Struts, it is the behaviour of web (servlet) container. http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpSession.html http://e-docs.bea.com/wls/docs81/servlet/progtasks.html#159622 However, you can configure Session Persistence with WebLogic Server, http://e-docs.bea.com/wls/docs81/webapp/sessions.html#session-persistence Regards On 12/7/05, Baker, Russ A [EMAIL PROTECTED] wrote: Hello, I am trying to figure out how to stop Struts from creating a session. What seems to happen is that once I call an action, a session is created. This is a problem because when I want to gracefully shut down my server, it complains that I still have an active session. Is there a way to configure Struts so that it does not create a session when an action is called? Thanks in advance, Russ Baker -- Yujun Liang [EMAIL PROTECTED]
Re: Session-Problem
Hello, I have the same problem some days ago. I found two solutions: using https(SSL) in the web server (if SSL really fits to your application security requirements), since SSL web pages are not cached, or telling the browser to don't cache the JSP page, so when the user clicks the back button the browser will have to send a request. response.setHeader(Cache-Control,no-cache); //Forces caches to obtain a new copy of the page from the origin server response.setHeader(Cache-Control,no-store); //Directs caches not to store the page under any circumstance response.setDateHeader(Expires, 0); //Causes the proxy cache to see the page as stale response.setHeader(Pragma,no-cache); //HTTP 1.0 backward compatibility More details on: http://www.javaworld.com/javaworld/jw-09-2004/jw-0927-logout.html Jorge. Mohan escribió: Hi All, I have problem in my application.In My application I have login and log out functionality.When user clicks log-out I am removing the session and I am redirectiong to Login page.So far it is working fine.But problem starts here.If user clicks the back button of browser window.He is able to see the last visited page .But I want to restrict him like ,once the user is logged out .and if he clicks the back button I want him to redirect to the login page or showing some message. thanks and regards, Mohan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session-Problem
Hi, Try the following in yor struts-config file: controller nocache=true/ According to the struts-config.dtd file: nocache Set to true if you want the controller to add HTTP headers for defeating caching to every response from this module. [false] It should help. Regards, -- Viktar - Original Message - From: Jorge Chacón Souto [EMAIL PROTECTED] To: Struts Users Mailing List user@struts.apache.org Sent: Tuesday, May 24, 2005 9:56 AM Subject: Re: Session-Problem Hello, I have the same problem some days ago. I found two solutions: using https(SSL) in the web server (if SSL really fits to your application security requirements), since SSL web pages are not cached, or telling the browser to don't cache the JSP page, so when the user clicks the back button the browser will have to send a request. response.setHeader(Cache-Control,no-cache); //Forces caches to obtain a new copy of the page from the origin server response.setHeader(Cache-Control,no-store); //Directs caches not to store the page under any circumstance response.setDateHeader(Expires, 0); //Causes the proxy cache to see the page as stale response.setHeader(Pragma,no-cache); //HTTP 1.0 backward compatibility More details on: http://www.javaworld.com/javaworld/jw-09-2004/jw-0927-logout.html Jorge. Mohan escribió: Hi All, I have problem in my application.In My application I have login and log out functionality.When user clicks log-out I am removing the session and I am redirectiong to Login page.So far it is working fine.But problem starts here.If user clicks the back button of browser window.He is able to see the last visited page .But I want to restrict him like ,once the user is logged out .and if he clicks the back button I want him to redirect to the login page or showing some message. thanks and regards, Mohan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-problem
When you switch from session to request, do you remember to change the scope where you set the form in your action class? What I mean is, in your action class, you should also change session.setAttribute(exForm, exForm); to request.setAttribute(exForm, exForm); Hubert On 5/16/05, Mohan [EMAIL PROTECTED] wrote: Hi, I created a jsp page as follows, html:text property='pr' / in the struts-config filie My action-mapping is as follows action path=/ex.do type=com.ex.ex1.ex1.actions.ExAction name=exForm parameter=method scope=session validate=false forward name=exfarward path=/jsp/ex.jsp/ /action I am retriving the values from Database and I am setting it using the set method. But if I keep the form bean scope in session,It is showing the value in the text box.If I keep the form bean scope in the request it is not showing the value. Thanks, Mohan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-problem
Mohan wrote the following on 5/16/2005 3:37 AM: I am retriving the values from Database and I am setting it using the set method. But if I keep the form bean scope in session,It is showing the value in the text box.If I keep the form bean scope in the request it is not showing the value. Could you explain a bit more the flow of your pages? And when you say: I am retriving the values from Database and I am setting it using the set method what does that mean? How does your form look on the page that you are saying only shows a session based form? -- Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session problem
Hi, same thing i have experienced with IE 6.0, it will work with mozilla Problem is that with each request session id is not passed. You need to explicitly pass it as url parameter. http://dbomis.com/anyLink;jsessionid=A0698B81A1F1AA2B1ECDA19B0ACFD6E2 Nikhil Shailender Jain [EMAIL PROTECTED] wrote: I am using session object in my application to validate whether the user is valid or not. I am doing this in the processPreprocess() method of RequestProcessor. But in I.E. 6.0 update version: SP1, the session object becomes null. So once user click at any link in the application he gets logged out. The system admin has also done the following configuration 1. I installed the application on a machine having the IP (10.1.252.41). The system admin made a virtual IP (10.1.252.42) and gave me a DSN dbomis.com which can be used to access the application. This DSN points to virtual IP. 2. Now when i access the application using http://10.1.252.41/ or http://10.1.252.42/; in IE 6.0 SP1 then it works ok. 3. When i use the http://dbomis.com/; then the login page come. User is able to login (processPreprocess() method does not check for session while user is logging in). But when the user clicks on any link the session becomes null so the user is logged out of the application. This problem happens only on I.E. update version SP1. On I.E 5.5 this url works ok. Anyone has got any idea why this must be happening Yahoo! India Matrimony: Find your partner online.
RE: session problem
The servlet container will try to encode this sessionId in a cookie if it can (saving the need to rewrite links) so you may wish to check the browser settings to see if cookies are enabled. (Its best to make sure you use the html:rewrite tag (or equivelent) for your links though so that your app will support users when they have cookies disabled). -Original Message- From: nikhil walvekar [mailto:[EMAIL PROTECTED] Sent: Friday, 11 June 2004 17:34 To: Struts Users Mailing List Subject: Re: session problem Hi, same thing i have experienced with IE 6.0, it will work with mozilla Problem is that with each request session id is not passed. You need to explicitly pass it as url parameter. http://dbomis.com/anyLink;jsessionid=A0698B81A1F1AA2B1ECDA19B0ACFD6E2 Nikhil Shailender Jain [EMAIL PROTECTED] wrote: I am using session object in my application to validate whether the user is valid or not. I am doing this in the processPreprocess() method of RequestProcessor. But in I.E. 6.0 update version: SP1, the session object becomes null. So once user click at any link in the application he gets logged out. The system admin has also done the following configuration 1. I installed the application on a machine having the IP (10.1.252.41). The system admin made a virtual IP (10.1.252.42) and gave me a DSN dbomis.com which can be used to access the application. This DSN points to virtual IP. 2. Now when i access the application using http://10.1.252.41/ or http://10.1.252.42/; in IE 6.0 SP1 then it works ok. 3. When i use the http://dbomis.com/; then the login page come. User is able to login (processPreprocess() method does not check for session while user is logging in). But when the user clicks on any link the session becomes null so the user is logged out of the application. This problem happens only on I.E. update version SP1. On I.E 5.5 this url works ok. Anyone has got any idea why this must be happening Yahoo! India Matrimony: Find your partner online. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session problem
Thanks Andrew for the response. Should i just put html:rewrite/ in all my JSP or some attributed also needs to be passed. Where should i put this tag in the JSP. Andrew Hill wrote: The servlet container will try to encode this sessionId in a cookie if it can (saving the need to rewrite links) so you may wish to check the browser settings to see if cookies are enabled. (Its best to make sure you use the html:rewrite tag (or equivelent) for your links though so that your app will support users when they have cookies disabled). -Original Message- From: nikhil walvekar [mailto:[EMAIL PROTECTED] Sent: Friday, 11 June 2004 17:34 To: Struts Users Mailing List Subject: Re: session problem Hi, same thing i have experienced with IE 6.0, it will work with mozilla Problem is that with each request session id is not passed. You need to explicitly pass it as url parameter. http://dbomis.com/anyLink;jsessionid=A0698B81A1F1AA2B1ECDA19B0ACFD6E2 Nikhil Shailender Jain [EMAIL PROTECTED] wrote: I am using session object in my application to validate whether the user is valid or not. I am doing this in the processPreprocess() method of RequestProcessor. But in I.E. 6.0 update version: SP1, the session object becomes null. So once user click at any link in the application he gets logged out. The system admin has also done the following configuration 1. I installed the application on a machine having the IP (10.1.252.41). The system admin made a virtual IP (10.1.252.42) and gave me a DSN dbomis.com which can be used to access the application. This DSN points to virtual IP. 2. Now when i access the application using http://10.1.252.41/ or http://10.1.252.42/; in IE 6.0 SP1 then it works ok. 3. When i use the http://dbomis.com/; then the login page come. User is able to login (processPreprocess() method does not check for session while user is logging in). But when the user clicks on any link the session becomes null so the user is logged out of the application. This problem happens only on I.E. update version SP1. On I.E 5.5 this url works ok. Anyone has got any idea why this must be happening Yahoo! India Matrimony: Find your partner online. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session problem
The syntax I forget (I dont use JSP for the view myself), so you will need to look that up, but where you have links in your pages you would use the html:rewrite tag to rewrite the url (or you could use html:link to render the entire link) so that it will include the jsessionid if necessary. Take a look at the docs for these two tags as theres quite a few other things they can do for you to. (Like getting the url from a named actionforward appending other parameters etc...) If your working in Java code (such as in an action) take a look at the HttpServletResponse.encodeURL() method. [http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpServle tResponse.html] -Original Message- From: Shailender Jain [mailto:[EMAIL PROTECTED] Sent: Friday, 11 June 2004 17:51 To: Struts Users Mailing List Subject: Re: session problem Thanks Andrew for the response. Should i just put html:rewrite/ in all my JSP or some attributed also needs to be passed. Where should i put this tag in the JSP. Andrew Hill wrote: The servlet container will try to encode this sessionId in a cookie if it can (saving the need to rewrite links) so you may wish to check the browser settings to see if cookies are enabled. (Its best to make sure you use the html:rewrite tag (or equivelent) for your links though so that your app will support users when they have cookies disabled). -Original Message- From: nikhil walvekar [mailto:[EMAIL PROTECTED] Sent: Friday, 11 June 2004 17:34 To: Struts Users Mailing List Subject: Re: session problem Hi, same thing i have experienced with IE 6.0, it will work with mozilla Problem is that with each request session id is not passed. You need to explicitly pass it as url parameter. http://dbomis.com/anyLink;jsessionid=A0698B81A1F1AA2B1ECDA19B0ACFD6E2 Nikhil Shailender Jain [EMAIL PROTECTED] wrote: I am using session object in my application to validate whether the user is valid or not. I am doing this in the processPreprocess() method of RequestProcessor. But in I.E. 6.0 update version: SP1, the session object becomes null. So once user click at any link in the application he gets logged out. The system admin has also done the following configuration 1. I installed the application on a machine having the IP (10.1.252.41). The system admin made a virtual IP (10.1.252.42) and gave me a DSN dbomis.com which can be used to access the application. This DSN points to virtual IP. 2. Now when i access the application using http://10.1.252.41/ or http://10.1.252.42/; in IE 6.0 SP1 then it works ok. 3. When i use the http://dbomis.com/; then the login page come. User is able to login (processPreprocess() method does not check for session while user is logging in). But when the user clicks on any link the session becomes null so the user is logged out of the application. This problem happens only on I.E. update version SP1. On I.E 5.5 this url works ok. Anyone has got any idea why this must be happening Yahoo! India Matrimony: Find your partner online. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session problem
I tried to use 1. html:rewrite/ 2. html:rewrite forward=DBOMISRequestProcessor/ Both are giving errors For the second option i am getting the error java.net.MalformedURLException: Cannot retrive ActionForward named DBOMISRequestProcessor Andrew Hill wrote: The servlet container will try to encode this sessionId in a cookie if it can (saving the need to rewrite links) so you may wish to check the browser settings to see if cookies are enabled. (Its best to make sure you use the html:rewrite tag (or equivelent) for your links though so that your app will support users when they have cookies disabled). -Original Message- From: nikhil walvekar [mailto:[EMAIL PROTECTED] Sent: Friday, 11 June 2004 17:34 To: Struts Users Mailing List Subject: Re: session problem Hi, same thing i have experienced with IE 6.0, it will work with mozilla Problem is that with each request session id is not passed. You need to explicitly pass it as url parameter. http://dbomis.com/anyLink;jsessionid=A0698B81A1F1AA2B1ECDA19B0ACFD6E2 Nikhil Shailender Jain [EMAIL PROTECTED] wrote: I am using session object in my application to validate whether the user is valid or not. I am doing this in the processPreprocess() method of RequestProcessor. But in I.E. 6.0 update version: SP1, the session object becomes null. So once user click at any link in the application he gets logged out. The system admin has also done the following configuration 1. I installed the application on a machine having the IP (10.1.252.41). The system admin made a virtual IP (10.1.252.42) and gave me a DSN dbomis.com which can be used to access the application. This DSN points to virtual IP. 2. Now when i access the application using http://10.1.252.41/ or http://10.1.252.42/; in IE 6.0 SP1 then it works ok. 3. When i use the http://dbomis.com/; then the login page come. User is able to login (processPreprocess() method does not check for session while user is logging in). But when the user clicks on any link the session becomes null so the user is logged out of the application. This problem happens only on I.E. update version SP1. On I.E 5.5 this url works ok. Anyone has got any idea why this must be happening Yahoo! India Matrimony: Find your partner online. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
