Jonathan Eric Miller wrote:
Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following.
1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named "jsessionid." If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal.
I've just tried this way, it works. Look at example .java file in attach for example, it's Filter implementation. Thanks for the suggestion, it's very useful.
package org.unchqua.test.servlet;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.Cookie;
public class NewSessionFilter implements Filter {
private FilterConfig fconf;
public void init(FilterConfig arg0) throws ServletException {
fconf=arg0;
}
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain fchain) throws IOException, ServletException {
boolean newManualSession=false;
String fromSession=null;
if (((HttpServletRequest)req).getSession(false)!=null) {
fromSession=((HttpServletRequest)req).getSession(false).getId();
}
if (fromSession==null) {
fromSession=((HttpServletRequest)req).getSession().getId();
newManualSession=true;
}
String fromCookie=null;
Cookie[] cooks=((HttpServletRequest)req).getCookies();
if (cooks!=null) {
for (int i=0; i<cooks.length; i++) {
if (cooks[i].getName().equals("JSESSIONID")) {
fromCookie=cooks[i].getValue();
break;
}
}
}
ServletOutputStream out=resp.getOutputStream();
out.println(newManualSession ? "Session manually created" : "");
out.println(fromSession!=null ? "From session: "+fromSession : "No session");
out.println(fromCookie!=null ? "From cookies: "+fromCookie : "No session id in
cookies");
if (fromSession==null && fromCookie==null)
out.println("Session is completely new");
else if (fromSession==null && fromCookie!=null)
out.println("Session lived but has been expired");
//fchain.doFilter(req, resp);
}
public void destroy() {
fconf=null;
}
}
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
