A Yang wrote:
>
> Hi,
>
> Can anyone tell me what the proper convention for
> checking for invalidated sessions is? Do people really
> write code checking for whether the session is valid
> EVERY time they are about to refer to one? And if so,
> do they just examine the LastAccessedTime and create a
> new session accordingly?
If a session gets invalidated, you can't get at it any
more. A call to getSession() will create a new one.
You can examine a session with isNew() to see if it
was just created.
>
> If this is the case, then you'd think that part of the
> base class functionality would be a method that
> automatically compares it to the MaxInactiveInterval -
> instead of making me subclass HttpSession myself....8)
>
> Also, is the behaviour of a timed-out session defined
> if I try to access one? Does Tomcat automatically
> invalidate the session after it exceeds the
> session-timeout value?
Yes there is a Thread that does session upkeep.
Look into the HttpSessionBindingListener for a way
to be notified when a session is invalidated.
--
WBB - [EMAIL PROTECTED]
Java Cert mock exams http://www.lanw.com/java/javacert/
Author of Java Developer's Guide to Servlets and JSP
ISBN 0-7821-2809-2
