A session CONTEXT is created when some code uses
request.getSession() or request.getSession(true)
session tracking (using coockie or URL rewriting) is used keep association between
user and contexte. Session tracking
mecanism use a random number generator but doesn't use memory to store some data until
a CONTEXT is created.
Nico.
> HG.
>
> I _don't_ think you are right. A session object exsists with and without
> struts. The documentation says:
>
> -->
> The Hypertext Transfer Protocol (HTTP) is by design a stateless
> protocol. To build
> effective web applications, it is imperative that requests from a
> particular client be
> associated with each other. Many strategies for session tracking have
> evolved over
> time, but all are difficult or troublesome for the programmer to use
> directly.
> This specification defines a simple HttpSession interface that allows a
> servlet
> container to use any of several approaches to track a user’s session without
> involving the Application Developer in the nuances of any one approach.
> <--
>
> The session is more than the attributes, struts can put into it ;-)
>
> Manfred
>
> HG wrote:
>
> >Hi Manfred
> >
> >I think Nicolas is trying to find all places where Struts manipulates the
> >session in some way..
> >
> >Locale=True does indeed manipulate the session..thus resulting in the
> >session being created, if not already there.
> >
> >When no one (action, object, tag, whatever) has requested attributes to be
> >stored in the session, no session object will exist..Session info (cookie,
> >URL rewriting, etc) is only created if there are attributes on the Session
> >object. Am I correct on this one??
> >
> >I don't understand WHY Nicolas does not want the session to be created...Is
> >it because of memory usage...denial of service attacks...?
> >
> >Maybe, I don't understand, Nicolas, too...but it did gave my few pennies
> >away :-)
> >
> >Regards
> >
> >Henrik
> >
> >----- Original Message -----
> >From: "Manfred Wolff" <[EMAIL PROTECTED]>
> >To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> >Sent: Thursday, January 08, 2004 3:22 PM
> >Subject: Re: Configuring Struts NOT to create (unauthentified) sessions
> >
> >
> >
> >
> >>Nicolas.
> >>
> >>I perhaps don't understand you. but (!) The locale attribut has nothing
> >>to do with creating sessions! The locale attribute tells struts to save
> >>a Locale-Object in the session, if there is nothing stored.
> >>
> >>Manfred
> >>
> >>Nicolas De Loof wrote:
> >>
> >>
> >>
> >>>Hy all,
> >>>
> >>>I would like Struts NOT to create a session for an unauthentified user.
> >>>
> >>>
> >As far as I understand Struts code, I need to
> >
> >
> >>>set locale="false" in struts-config.xml <controller>.
> >>>
> >>>Is they're any ohter Struts mecanism that can create a session (excluding
> >>>
> >>>
> >action-mapping declared as scope="session") ?
> >
> >
> >>>Doesn't the "locale" default value (true) expose lot's of struts
> >>>
> >>>
> >application to attack ? (server Out of Memory because
> >
> >
> >>>to much sessions have been created - isn't this what is called "Deny Of
> >>>
> >>>
> >Service" ?)
> >
> >
> >>>Nico.
> >>>
> >>>
> >>>---------------------------------------------------------------------
> >>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>>
> >>>
> >>>
> >>>
> >>--
> >>===========================================
> >>Dipl.-Inf. Manfred Wolff
> >>-------------------------------------------
> >>phone neusta : +49 421 20696-27
> >>phone : +49 421 534522
> >>mobil : +49 178 49 18 434
> >>eFax : +49 1212 6 626 63 965 33
> >>-------------------------------------------
> >>____________________________________________________
> >>Diese E-Mail enthält möglicherweise vertrauliche und/oder rechtlich
> >>
> >>
> >geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder
> >diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den
> >Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die
> >unbefugte Weitergabe dieser Mail ist nicht gestattet.
> >
> >
> >>This e-mail may contain confidential and/or privileged information. If you
> >>
> >>
> >are not the intended recipient (or have received this e-mail in error)
> >please notify the sender immediately and destroy this e-mail. Any
> >unauthorised copying, disclosure or distribution of the material in this
> >e-mail is strictly forbidden.
> >
> >
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >>
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
> --
> ===========================================
> Dipl.-Inf. Manfred Wolff
> -------------------------------------------
> phone neusta : +49 421 20696-27
> phone : +49 421 534522
> mobil : +49 178 49 18 434
> eFax : +49 1212 6 626 63 965 33
> -------------------------------------------
> ____________________________________________________
> Diese E-Mail enthält möglicherweise vertrauliche und/oder rechtlich geschützte
> Informationen. Wenn Sie nicht der
richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie
bitte sofort den Absender und
vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe
dieser Mail ist nicht gestattet.
>
> This e-mail may contain confidential and/or privileged information. If you are not
> the intended recipient (or have
received this e-mail in error) please notify the sender immediately and destroy this
e-mail. Any unauthorised copying,
disclosure or distribution of the material in this e-mail is strictly forbidden.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
