A session CONTEXT is created when some code uses request.getSession() or request.getSession(true)
session tracking (using coockie or URL rewriting) is used keep association between user and contexte. Session tracking mecanism use a random number generator but doesn't use memory to store some data until a CONTEXT is created. Nico. > HG. > > I _don't_ think you are right. A session object exsists with and without > struts. The documentation says: > > --> > The Hypertext Transfer Protocol (HTTP) is by design a stateless > protocol. To build > effective web applications, it is imperative that requests from a > particular client be > associated with each other. Many strategies for session tracking have > evolved over > time, but all are difficult or troublesome for the programmer to use > directly. > This specification defines a simple HttpSession interface that allows a > servlet > container to use any of several approaches to track a user’s session without > involving the Application Developer in the nuances of any one approach. > <-- > > The session is more than the attributes, struts can put into it ;-) > > Manfred > > HG wrote: > > >Hi Manfred > > > >I think Nicolas is trying to find all places where Struts manipulates the > >session in some way.. > > > >Locale=True does indeed manipulate the session..thus resulting in the > >session being created, if not already there. > > > >When no one (action, object, tag, whatever) has requested attributes to be > >stored in the session, no session object will exist..Session info (cookie, > >URL rewriting, etc) is only created if there are attributes on the Session > >object. Am I correct on this one?? > > > >I don't understand WHY Nicolas does not want the session to be created...Is > >it because of memory usage...denial of service attacks...? > > > >Maybe, I don't understand, Nicolas, too...but it did gave my few pennies > >away :-) > > > >Regards > > > >Henrik > > > >----- Original Message ----- > >From: "Manfred Wolff" <[EMAIL PROTECTED]> > >To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > >Sent: Thursday, January 08, 2004 3:22 PM > >Subject: Re: Configuring Struts NOT to create (unauthentified) sessions > > > > > > > > > >>Nicolas. > >> > >>I perhaps don't understand you. but (!) The locale attribut has nothing > >>to do with creating sessions! The locale attribute tells struts to save > >>a Locale-Object in the session, if there is nothing stored. > >> > >>Manfred > >> > >>Nicolas De Loof wrote: > >> > >> > >> > >>>Hy all, > >>> > >>>I would like Struts NOT to create a session for an unauthentified user. > >>> > >>> > >As far as I understand Struts code, I need to > > > > > >>>set locale="false" in struts-config.xml <controller>. > >>> > >>>Is they're any ohter Struts mecanism that can create a session (excluding > >>> > >>> > >action-mapping declared as scope="session") ? > > > > > >>>Doesn't the "locale" default value (true) expose lot's of struts > >>> > >>> > >application to attack ? (server Out of Memory because > > > > > >>>to much sessions have been created - isn't this what is called "Deny Of > >>> > >>> > >Service" ?) > > > > > >>>Nico. > >>> > >>> > >>>--------------------------------------------------------------------- > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >>> > >>> > >>> > >>-- > >>=========================================== > >>Dipl.-Inf. Manfred Wolff > >>------------------------------------------- > >>phone neusta : +49 421 20696-27 > >>phone : +49 421 534522 > >>mobil : +49 178 49 18 434 > >>eFax : +49 1212 6 626 63 965 33 > >>------------------------------------------- > >>____________________________________________________ > >>Diese E-Mail enthält möglicherweise vertrauliche und/oder rechtlich > >> > >> > >geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder > >diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den > >Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die > >unbefugte Weitergabe dieser Mail ist nicht gestattet. > > > > > >>This e-mail may contain confidential and/or privileged information. If you > >> > >> > >are not the intended recipient (or have received this e-mail in error) > >please notify the sender immediately and destroy this e-mail. Any > >unauthorised copying, disclosure or distribution of the material in this > >e-mail is strictly forbidden. > > > > > >> > >>--------------------------------------------------------------------- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > -- > =========================================== > Dipl.-Inf. Manfred Wolff > ------------------------------------------- > phone neusta : +49 421 20696-27 > phone : +49 421 534522 > mobil : +49 178 49 18 434 > eFax : +49 1212 6 626 63 965 33 > ------------------------------------------- > ____________________________________________________ > Diese E-Mail enthält möglicherweise vertrauliche und/oder rechtlich geschützte > Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. > > This e-mail may contain confidential and/or privileged information. If you are not > the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]