I have an app in which users do not have to login, but each user does have its own session.
I tried to come with a way to detect whether the users current session has expired, but I can't seem to find a way to differentiate between 'no' session and an 'expired' session.
What I had was:
if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) {
response.sendRedirect(this.getInitParameter("session_timeout_url"));
return;
}
this works, as long as the servlet is not called from a different context in which another session is already active.
If I use a sessionlistener to flag somewhere that the session for a certain session id is no longer valid, this 'flag'repository will keep on growing, it would probably take forever to cause problems, still is doesn't seem like a good solution.
Why isn't there something like session.isValid(); so that request.getSession(false) returns a session object which can be queried for validness? Now it returns null, which makes it a bit hard to determine session history.
Greetz Hans
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]