Another option other the solution below, that might even be easier to
implement... When sessionCreated is called it puts a simple flag in the
ServletContext. Then in the filter that checks to see if there is a
valid session, you check to see if this flag is in the Servlet context.
If it is not, you direct the user to the login page (and make sure to
invalidate his session). The only time this flag should not be in scope
is when the application is first started up or it was restarted (I'm
assuming app scoped items in the ServletContext aren't restored upon
restart ). This should solve our problem. The benefit of this approach
is that it won't require the coding of the BindingListener as described
below.
Rick Reumann wrote the following on 7/29/2005 8:05 PM:
Tamas Szabo wrote the following on 7/28/2005 11:56 PM:
However, I would like to have a general solution for this and since we
took the time to think it over
we could have this code somewhere so it will be reusable in the future.
Well, if we want a general solution that 'should' truly work, then we
might want to go back with my initial way I was doing things (not shown
in this thread)...
That is you keep a Set of sessionIDs in ApplicatonScope (in my simple
case I didn't use a Set, but for flexiblity to allow multiple Sessions a
Set should work fine). The filter than checks to make sure your
sessionID matches one in the set. The slightly annoying part is it also
requires an HttpSessionBindingListener. When valueBound is called (when
putting the implementation of HttpSessionBindingListener in scope in
your standard SessionFilter), it will check to see if I can add another
item to the static Set of sessionIDs. When valueUnbound is called, it
will remove the sessionID from the static Set (if it's in there). I
would think this should work when the app server is restarted since I'm
hoping ServletContext bound items (the Set of sessionIDs) will be
dropped? If so this solution should work (albeit a bit more annoying to
configure with the dependency on HttpSessionBindingListener).
--
Rick
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
