Hi,
Can anyone tell me what the proper convention for
checking for invalidated sessions is? Do people really
write code checking for whether the session is valid
EVERY time they are about to refer to one? And if so,
do they just examine the LastAccessedTime and create a
new session accordingly?
If this is the case, then you'd think that part of the
base class functionality would be a method that
automatically compares it to the MaxInactiveInterval -
instead of making me subclass HttpSession myself....8)
Also, is the behaviour of a timed-out session defined
if I try to access one? Does Tomcat automatically
invalidate the session after it exceeds the
session-timeout value?
Thanks,
_______________________________________________________
Do You Yahoo!?
Get your free @yahoo.ca address at http://mail.yahoo.ca
