Frank Ratzlow wrote the following on 5/23/2005 6:54 AM:
some of the actions) serve authorized and unauthorized users the same.
Afaik if a user sends his first request a session will be created for him
(default behaviour). Additionally we invalidate a session when a user
authorizes and store his credentials etc. in a newly created one.
I'm not exactly sure what you mean above about the default behavior
creating a Sesion? I use a Filter to test for the Session and it works
fine...
in my doFilter(..) method...
HttpSession session = request.getSession(false);
if (session == null) {
response.sendRedirect(contextPath+"/sessionTimeOut.jsp");
return;
}
Why wouldn't something like the above work?
I also don't test certain paths with this filter so not all paths are
checked for a valid session (ie if they go right to the login page
obviously I don't want to test for a Session yet.)
--
Rick
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]