HG.

I _don't_ think you are right. A session object exists with and without Struts. The documentation says:

-->
The Hypertext Transfer Protocol (HTTP) is by design a stateless protocol. To build
effective web applications, it is imperative that requests from a particular client be
associated with each other. Many strategies for session tracking have evolved over
time, but all are difficult or troublesome for the programmer to use directly.
This specification defines a simple HttpSession interface that allows a servlet
container to use any of several approaches to track a user’s session without
involving the Application Developer in the nuances of any one approach.
<--


The session is more than the attributes Struts can put into it ;-)

Manfred

HG wrote:

Hi Manfred

I think Nicolas is trying to find all places where Struts manipulates the
session in some way..

Locale=True does indeed manipulate the session..thus resulting in the
session being created, if not already there.

When no one (action, object, tag, whatever) has requested attributes to be
stored in the session, no session object will exist..Session info (cookie,
URL rewriting, etc) is only created if there are attributes on the Session
object. Am I correct on this one??

I don't understand WHY Nicolas does not want the session to be created...Is
it because of memory usage...denial of service attacks...?

Maybe I don't understand Nicolas, too...but I did give my few pennies
away :-)

Regards

Henrik

----- Original Message -----
From: "Manfred Wolff" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Thursday, January 08, 2004 3:22 PM
Subject: Re: Configuring Struts NOT to create (unauthentified) sessions

Nicolas.

I perhaps don't understand you, but (!) the locale attribute has nothing
to do with creating sessions! The locale attribute tells Struts to save
a Locale object in the session, if there is nothing stored.

Manfred

Nicolas De Loof wrote:

Hi all,

I would like Struts NOT to create a session for an unauthenticated user.

As far as I understand Struts code, I need to set locale="false" in struts-config.xml <controller>.

Is there any other Struts mechanism that can create a session (excluding action-mapping declared as scope="session")?

Doesn't the "locale" default value (true) expose lots of Struts applications to attack? (server Out of Memory because too many sessions have been created - isn't this what is called "Denial of Service"?)

Nico.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
===========================================
Dipl.-Inf. Manfred Wolff
-------------------------------------------
phone neusta : +49 421 20696-27
phone : +49 421 534522
mobil : +49 178 49 18 434
eFax : +49 1212 6 626 63 965 33
-------------------------------------------

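One way to find every code path that creates a session, which is what Henrik describes Nicolas trying to do: an added example (not from the thread and not Struts code) of a servlet `HttpSessionListener` that logs the Struts frames on the stack at session creation and tracks the live session count. The class name, logger name and threshold are assumptions, and it assumes the container invokes the listener on the thread that called `getSession()`.

```java
// Added example, not Struts code. SessionCreationAudit is a hypothetical name.
// Register in web.xml:
//   <listener><listener-class>SessionCreationAudit</listener-class></listener>
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Logger;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

public class SessionCreationAudit implements HttpSessionListener {
    private static final Logger LOG = Logger.getLogger("session.audit");
    private static final AtomicInteger LIVE = new AtomicInteger();
    // Assumed alert threshold; tune to the application's normal load.
    private static final int WARN_LIVE_SESSIONS = 10000;
    private static final String STRUTS_PKG = "org.apache.struts.";

    public void sessionCreated(HttpSessionEvent event) {
        int live = LIVE.incrementAndGet();
        LOG.info("session created, live=" + live + ", by: " + describeCaller());
        if (live > WARN_LIVE_SESSIONS) {
            LOG.warning("live sessions " + live + " exceed " + WARN_LIVE_SESSIONS);
        }
    }

    public void sessionDestroyed(HttpSessionEvent event) {
        LIVE.decrementAndGet();
    }

    // Lists up to three Struts frames from the current stack. Assumes the
    // container calls sessionCreated on the thread that asked for the session.
    static String describeCaller() {
        StringBuilder sb = new StringBuilder();
        int shown = 0;
        for (StackTraceElement frame : new Throwable().getStackTrace()) {
            if (frame.getClassName().startsWith(STRUTS_PKG) && shown < 3) {
                if (shown++ > 0) sb.append(" <- ");
                sb.append(frame.getClassName()).append('.')
                  .append(frame.getMethodName());
            }
        }
        // No Struts frame: the session came from application code or a JSP.
        // JSP pages create a session by default unless they declare
        // <%@ page session="false" %>.
        return shown == 0 ? "non-Struts code (application or JSP)" : sb.toString();
    }
}
```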