1. Is user logged in, yes forward to resource, no go to 2.
2. Forward to login page with the url the user wants to go to.
3. User logs in and login action sends them to url stored in step 2.
This handles not only form submission but clicking links as well. You'll probably have to set your form's method to "get" so the parameters are in the url's query string for the login action to see.
David
From: "Michael Lee" <[EMAIL PROTECTED]>
Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Subject: Re: Request losing data after container security check
Date: Thu, 5 Dec 2002 10:59:36 -0500
Its an http request. It should't matter if the session times out or not.
a.jsp is posting data to a.do through an http request. If we have container
managed security it should just forward the data.
"When the container times out the session it doesn't touch the browser. When
the user clicks on a field to create an action the request is still
available to the container. "
Ya, that's why I'm so perplexed? The user typed in the info, leaves to make
a sandwich, comes back and clicks submit. Regardless of session timeout, if
this is an http request it should alway work the same except maybe with a
login before it shows the results.
thanks,
Mike
----- Original Message -----
From: "edgar" <[EMAIL PROTECTED]>
To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
Sent: Wednesday, December 04, 2002 7:22 PM
Subject: RE: Request losing data after container security check
> If you care enough about this situation you can satisfy most of it with
> an authentication filter and a custom logon action.
>
> When the container times out the session it doesn't touch the browser.
> When the user clicks on a field to create an action the request is still
> available to the container. If you write your own authentication
> filter, you can take what you need from the request and stick it
> someplace until the user establishes a valid session. When the user has
> established the session then you grab it and put him back where he was.
>
> Edgar
>
> -----Original Message-----
> From: David Graham [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 04, 2002 4:59 PM
> To: '[EMAIL PROTECTED]'
> Subject: Re: Request losing data after container security check
>
>
> That's the way session time outs are supposed to work. This is a
> security
> feature when people leave in the middle of something. The user must
> complete the transaction in one sitting.
>
> If you don't want that to happen then set your session timeout to an
> incredibly large number of minutes or (I think) entering 0 disables it
> on
> some containers.
>
> David
>
>
>
>
>
>
> >From: "Michael Lee" <[EMAIL PROTECTED]>
> >Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> >To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> >Subject: Re: Request losing data after container security check
> >Date: Wed, 4 Dec 2002 16:50:40 -0500
> >
> >i know.
> >a.jsp calls a.do which forwards to b.jsp
> >user enters data in a.jsp
> >user leaves
> >session times out
> >user clicks submit on a.jsp
> >a.do action is of scope request
> >when we get to b.jsp, it should display the data entered on a.jsp
> >(verify
> >screen)
> >it does not if the session times out and the user has to log in again
> >thanks,
> >Mike
> >
> >----- Original Message -----
> >From: "David Graham" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Wednesday, December 04, 2002 4:09 PM
> >Subject: Re: Request losing data after container security check
> >
> >
> > > The session only times out if it's idle; it won't timeout in mid
> >request.
> > > You lose session data when it times out. You lose request data
> > > after
> >the
> > > response has been sent for a particular request.
> > >
> > > David
> > >
> > >
> > >
> > >
> > >
> > >
> > > >From: "Michael Lee" <[EMAIL PROTECTED]>
> > > >Reply-To: "Struts Users Mailing List"
> > > ><[EMAIL PROTECTED]>
> > > >To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> > > >Subject: Re: Request losing data after container security check
> > > >Date: Wed, 4 Dec 2002 15:48:15 -0500
> > > >
> > > >?This doesnt sound right.
> > > >Its just an http request. It shouldn't lose anything except session
> >data.
> > > >The container should route the http request and all the request
> > > >items
> >from
> > > >the form.
> > > >thanks,
> > > >Mike
> > > >
> > > >----- Original Message -----
> > > >From: "David Graham" <[EMAIL PROTECTED]>
> > > >To: <[EMAIL PROTECTED]>
> > > >Sent: Wednesday, December 04, 2002 3:03 PM
> > > >Subject: Re: Request losing data after container security check
> > > >
> > > >
> > > > > If the session times out then you probably want the user to go
> > > > > back
> >to
> > > >the
> > > > > start page anyways. Request data is only stored by the
> > > > > container
> >long
> > > > > enough to complete a request for one page so it won't be around
> >after
> > > >that
> > > > > request.
> > > > >
> > > > > David
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > >From: "Michael Lee" <[EMAIL PROTECTED]>
> > > > > >Reply-To: "Struts Users Mailing List"
> ><[EMAIL PROTECTED]>
> > > > > >To: "Struts Users Mailing List"
> > > > > ><[EMAIL PROTECTED]>
> > > > > >Subject: Request losing data after container security check
> > > > > >Date: Wed, 4 Dec 2002 14:27:16 -0500
> > > > > >
> > > > > >I have a screen a.jsp that calls a.do which then forwards to
> > > > > >b.jsp I have a form called AForm.java. I have a field called
> > > > > >email in
> > > >AForm.java.
> > > > > >In a.jsp a user can set email, call a.do and then forward to
> > > > > >b.jsp
> > > >which
> > > > > >does a <bean:write name="aForm" property="email"/>. This works
> > > > > >just
> > > >fine
> > > > > >and outputs the email.
> > > > > >Problem is, if the session times out (15 mins) then the user is
> > > >required
> > > >to
> > > > > >log back in. If the data is entered on a.jsp and the session
> > > > > >times
> >out
> > > >and
> > > > > >the user clicks submit, then when it gets to b.jsp it doesn't
> > > > > >have
> >any
> > > > > >data? In the struts config a.do is of scope="request". I would
> >think
> > > >that
> > > >a
> > > > > >request would keep that data unlike scope="session".
> > > > > >I want to keep the data upon submit, even if the container
> > > > > >wants to validate the user. thanks,
> > > > > >Mike
> > > > >
> > > > >
> > > > >
> _________________________________________________________________
> > > > > The new MSN 8: advanced junk mail protection and 2 months FREE*
> > > > > http://join.msn.com/?page=features/junkmail
> > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe, e-mail:
> > > ><mailto:[EMAIL PROTECTED]>
> > > > > For additional commands, e-mail:
> > > ><mailto:[EMAIL PROTECTED]>
> > > > >
> > > >
> > > >--
> > > >To unsubscribe, e-mail:
> > > ><mailto:[EMAIL PROTECTED]>
> > > >For additional commands, e-mail:
> > > ><mailto:[EMAIL PROTECTED]>
> > >
> > >
> > > _________________________________________________________________
> > > Add photos to your e-mail with MSN 8. Get 2 months FREE*.
> > > http://join.msn.com/?page=features/featuredemail
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> ><mailto:[EMAIL PROTECTED]>
> > > For additional commands, e-mail:
> ><mailto:[EMAIL PROTECTED]>
> > >
> >
> >--
> >To unsubscribe, e-mail:
> ><mailto:[EMAIL PROTECTED]>
> >For additional commands, e-mail:
> ><mailto:[EMAIL PROTECTED]>
>
>
> _________________________________________________________________
> Protect your PC - get McAfee.com VirusScan Online
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
