The application never gets to the controller once the session expires. The servlet container does not allow it through, it just simply sends it on to the login page until authentication completes and then it sends it to the controller (or whatever) as planned. I was hoping that there would be some built-in feature or roundabout way to determine this.
I'm beginning to think there is no simple answer to this. I like container managed auth. but it seems limited when you want to add functionality around it.

-----Original Message-----
From: Michael Weller [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 5:41 PM
To: [EMAIL PROTECTED]
Subject: Re: Session Timeout and Container Authentication

hi!
see inlined comments

> >i could think of two ways:
> >1. use "hidden fields" to set a field indicating that the user already had
> >a session.
> >-How would the login jsp (form-based logon) have access to this info? The
>container stores the original url and parameters somewhere and then forwards
>the user on to the login page for authentication, only after successful
>authentication is the original url and parameters reinstated. This would
>also involve modifying every submittable form and hyperlink with this param,
>would it?

didn't know that; what about that:
controller receives a request with attributes added indicating that the user actually has a session, but the session is invalid (or there is none) so the controller knows that the user must be forwarded to page saying that he needs to login again; if the value of the hidden field is missing, the controller knows that the user didn't log in before.

> >2. use "url rewriting" in your app: if you get a request with an
> >invalid(ed) session id, you know the session timed out.
> can anybody please clarify the following???
>can anybody please clarify this: if a session timed out, the client doesn't
>know anything about this, so it should send the session with the following
>request, right?

-mw

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
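
Added example, not part of the original thread or of any poster's code: one way to tell "session timed out" from "never logged in" inside the form-login page, using the standard `HttpServletRequest` methods `getRequestedSessionId()` and `isRequestedSessionIdValid()`. The class, enum and method names are hypothetical, and it assumes the container leaves the client-supplied session id on the request when it forwards to the login page.

```java
import javax.servlet.http.HttpServletRequest;

/** Hypothetical helper for a form-login JSP/servlet under container-managed auth. */
public final class SessionTimeoutHint {

    public enum State { NO_PRIOR_SESSION, SESSION_EXPIRED, SESSION_ACTIVE }

    private SessionTimeoutHint() { }

    /**
     * Classifies the request by the session id the CLIENT presented
     * (cookie or rewritten URL), not by request.getSession().
     */
    public static State classify(HttpServletRequest request) {
        String presented = request.getRequestedSessionId();
        if (presented == null) {
            // No cookie and no rewritten URL: the browser never had a session here.
            return State.NO_PRIOR_SESSION;
        }
        if (request.isRequestedSessionIdValid()) {
            return State.SESSION_ACTIVE;
        }
        // An id was sent but the container no longer knows it: timeout,
        // explicit invalidation, server restart, or a made-up value.
        return State.SESSION_EXPIRED;
    }

    /** Message for the login page. Display only, never an access decision. */
    public static String loginMessage(HttpServletRequest request) {
        switch (classify(request)) {
            case SESSION_EXPIRED:
                // The id is attacker-controllable input, so do not echo it back
                // and do not trust it for anything beyond choosing this text.
                return "Your session has expired. Please log in again.";
            case SESSION_ACTIVE:
                return "You are already logged in.";
            default:
                return "Please log in.";
        }
    }
}
```

Because the presented id comes from the client, `SESSION_EXPIRED` is only a usability hint; authentication still rests entirely on the container's login check.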
