Hi Bob,
Thanks for your answer!
Well, I agree that the refered field in the database would fit perfectly
in the case of having more than one instance of Tomcat handling requests,
but why can't it be used for the "local" session handling as well?
About what you wrote: "Once a session is marked invalid, my understanding
is that it only exists for the remaining scope of the page that marked it
invalid.". In my case I am ont invalidating the session in any page, the
session is timed out by tomcat. And I had a simple test page in an
environment with a timeout for the session set to a low value (3 minutes).
If I follow what tomcat is doing, these are the steps:
1 - The session is backed up to the database (I set the value maxIdleBackup="10")
after nearly 10 seconds of inactivity.
2 - In my jsp page I check the methods session.isNew() = false,
request.isRequestedSessionIdValid() = true. This would be the expected
behavior.
3 - After the session is timed out by tomcat (I simply take no action
during 3 minutes), it is removed from the database.
4 - I try again to acess the same JSP page and the methods return session.isNew() =
true and request.isRequestedSessionIdValid() = false.
This would also be ok except for the fact that I have a NEW value for the
sessionID.
With this behavior it is impossible to find out if I have a new session or
an expired one. Maybe I am missing something here, but my idea was to
redirect the user to a page telling him something like: "hi my friend,
please login again because your session has expired". With the current
implementation I am finding no solution to this.
Cheers,
Daniel
[EMAIL PROTECTED]
24.06.2002 18:17
Please respond to "Tomcat Developers List"
To: [EMAIL PROTECTED]
cc:
Subject: Re: JDBCStore implementation
> Hello everyone,
>
> I am writing about an issue on invalidation of sessions.
> In the current implementation, a session is deleted from the Database
when
> it is invalidated. Is this really the behavior expected?
I have been looking over the code some, and I think that behavior is
correct. I think the DB schema was written with the thinking that
that field may some day be useful when more than one instance of
Tomcat is handling requests.
> I mean, if there is an attribute to specify if a session is valid or
not,
> a session that is invalidated should have this attribute reset instead
of
> being deleted, isn't it? If this is not true, it is not possible to see
> difference between a session that is not valid anymore and a new one.
Once a session is marked invalid, my understanding is that it only
exists for the remaining scope of the page that marked it invalid.
I think if you have a page with 2 frames in it, and one of the
frames marks the session as invalid, the other frame might get;
* a valid session until it is marked invalid by the other page
or
* a new session
depending on the race condition of the browser and webserver loading
both frames.
Cheers,
-bob
> Can anyone tell me something about the plans for the implementation of
> this feature?
>
> Cheers,
> Daniel
>
>
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
Cheers,
-bob
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
