Hi Nicolas Glad you figured it out, and thanks for sharing it, with the rest of us.
Peace, Henrik ----- Original Message ----- From: "Nicolas De Loof" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Friday, January 09, 2004 9:41 AM Subject: Re: Configuring Struts NOT to create (unauthentified) sessions > Here is what I need to do to avoid creating session before the user has been authentificated : > > > . add <%@ page session="false" %> to the JSP used by my login tile definition (layout & tiles) > => requesting login.jsp doesn't create a session > > . set <controller locale="false"> in struts-config.xml > . set validate="false" for the login action > (. set scope="requet" for the login action) > => requesting login.do doesn't create a session until I create it myself when authentification has succeded (or some > action-mapping has scope="session"). > > > Thank you all for help. > > Nico. > > > > > > > Quoting Nicolas De Loof <[EMAIL PROTECTED]>: > > > > > I've made a grep on Struts 1.1 sources. I noticed some case where a session > > > is created that seems to me 'uncontroled' : > > > > > > > > > RequestProcessor uses request.getSession() : > > > - in processLocale if controller is configured to use Locale (default = > > > true) > > > > > > HTMLTag uses request.getSession() : > > > - in currentLocale() : if any JSP uses <html:html> a session is created ! > > > > > > o.a.s.validator.Ressouces uses request.getSession() : > > > - in getLocale(request) : If validator is used (for example to validate login > > > page) a session will allways be created > > > > > > > > > Isn't they're any way NOT to create a session for a user that hasn't been > > > authentified ? > > > > > > Nico. > > > > > > > Besides the places where Struts itself creates a session, if you're using JSP > > you should be aware that every JSP page will create a session unless you tell > > it not to: > > > > <%@ page session="false" %> > > > > Craig > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]