You're going to have a tough time knowing whether a person isn't authenticated because they 1) haven't logged in yet or 2) their session timed out. I'd recommend use of a (session) cookie to help detect that. It's the only way I can think of.
Basically, the scenario is: - User logs in - System validates credentials - If user is validated, create a cookie that tracks them - User does stuf and sits there idle like a bump on a log - Session times out - User requests resource - System notices they don't have a session, but that the cookie is there - Sytem knows the user was logged in and timed out No amount of keeping things up-to-date in the session is going to help you in the case of a timeout. You grab the current action and stick it in a cookie though. I can't think of another way to get the functionality you're looking for. Good Luck! Eddie HTH - Didn't see it in your write-up. Maybe I didn't read between the lines thoroughly enough. On Tue, 11 Jan 2005 11:15:34 -0500, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > I have two situations I am trying to address with one generic solution: > > 1) For every update action, I had to maintain two separate "result > confirmation" JSPs, one stating "Update Successful" and one "Updated failed > due to system error. Try again later." (must be a system error, as any > data validation errors would have been returned to original data entry > JSP.) Each of these also has a button with a unique link to take it to the > appropriate action to build what should be the next view for that user (I > want to be able to bounce them back to a page that was most recent or > appropriate for where they were in the application.) > > 2) On session timeout, I want to bounce the user to a login page, then > bring them back to the page/action they were attempting to go to, or the > most appropriate location, based on the application knowing only the user > id of the user and no other context. > > If you could review my plan below and let me know if it is sound from a > Struts perspective OR whether there are Struts best practices to accomplish > the same thing in a more elegant way, that would be great. I am pretty > sure there is a bug in how I propose using the various session attibutes > below, but please don't worry with that - I'll sort it out when I > implement. I am really seeking an opinion on the overall approach. > Thanks! > > MY PLAN: > > Keep three attributes in the session object up to date at all times: > a) previousAction - the most recent action completed by the user > b) currentAction - the next action the user was attempting when the > error or session timeout occurred > c) nextAction - the next action that should be invoked after a > successful action (ONLY after successful actions) > c) previousActionResult - the message to be displayed on > actionResult.jsp (after ALL update actions, whether successful, failed, or > timed-out) > > Psuedo-code for a session timeout scenario: > > User is on ChangePasswordDef and presses button to process change with > ChangePasswordAction > > AuthenticationFilter (this is a filter that precedes ALL actions. It > checks authority of the user to execute the action, logs that the user > executed the action, and looks for session timeout) > set previousAction = currentAction (no longer prev action. In fact, > null in this scenario.) > set currentAction = ChangePassword > If new session (session timed out before this action) > set previousActionResult = "...inactive too long..." > forward to actionResult.jsp > > actionResult.jsp > display previousActionResult > render OK button to go to GoToLoginAction > > GoToLoginAction > forward to LoginDef (Tiles) > > LoginDef > invoke LoginAction > > LoginAction > process login successfully > If currentAction != null > forward to actionResultAction > > actionResultAction > If currentAction = "ChangePassword" > forward to ChangePasswordAction > > AuthenticationFilter > pass authorization check and do not detect session timeout > if current action != previousAction > set previousAction = BuildHomeViewAction > currentAction = ChangePassword > > ChangePasswordAction > (finally where the user wanted to be!) > -- > "NOTICE: The information contained in this electronic mail transmission is > intended by Convergys Corporation for the use of the named individual or > entity to which it is directed and may contain information that is > privileged or otherwise confidential. If you have received this electronic > mail transmission in error, please delete it from your system without > copying or forwarding it, and notify the sender of the error by reply email > or by telephone (collect), so that the sender's address records can be > corrected." > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Eddie Bush --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]