Please check http://www.roseindia.net/struts/struts2/struts2-login.shtml
Thanks -----Original Message----- From: RajibJana [mailto:rajibj...@gmail.com] Sent: Saturday, January 17, 2009 4:35 PM To: user@struts.apache.org Subject: Re: Struts 2 session problem Seems to me S2 can not give better solution than you have mentioned. I checked relevent codes in S2 ( e.g. scope interceptor) and IMO, struts 2 can not have feature like user session/conversation as it depends on http session for session mgmt. Thanks Rajib abhishek reddy wrote: > > OK, If you find better solution, please let me know > > On Sat, Jan 17, 2009 at 2:58 PM, RajibJana <rajibj...@gmail.com> wrote: > >> >> OK, I may try this if no other solution emerges. >> >> My question this is typical requirement for any enterprise level web app, >> how Struts2 handles it? >> >> If it does not able to, then there is no other option but to leave S2 and >> look for other server frameworks. There is a need of looking beyond http >> session. >> >> I guess S2 is positioning itself as a server framework, I hope it >> addresses >> basic requirements for a enterprise application. >> >> Thanks >> >> Rajib >> >> >> >> abhishek reddy wrote: >> > >> > *If the user opens a new browser instance, then a new session is >> created >> > and both the windows have their own user id info( i.e. userid doesnt >> > override)* >> > >> > Taking the above point into consideration...you can try this way >> > >> > 1.When User X logged in successfully, you are storing the id in the >> > session. >> > 2.Now, If User Y logged in from the same broswer instance, session will >> be >> > old...so check for the attribute value set by the User X..... >> > If attribute value is null, proceed asusual, else tell the user to open >> a >> > new browser window.. >> > >> > hope this is helpfull.. >> > >> >> transactions also get userid info as X. >> > >> > On Sat, Jan 17, 2009 at 1:46 PM, RajibJana <rajibj...@gmail.com> wrote: >> > >> >> >> >> Thanks Wes for your reply. >> >> >> >> The application requires userid info for various reasons like >> >> authorization, >> >> auditing etc. Hidden key (security reason) or cookies ( may be >> >> disabled) >> >> are not the good way to handle this situation. I am wondering whether >> >> this >> >> is not a common requirement for any web app where we need to keep >> some >> >> information that can be accessed for a particular user session. I >> hoped >> >> that >> >> Struts 2 is capable to handle user session. >> >> >> >> I am in a fix, may I need to look other frameworks like Seam? >> >> >> >> Thanks >> >> >> >> Rajib >> >> >> >> >> >> >> >> >> >> Wes Wannemacher wrote: >> >> > >> >> > On Saturday 17 January 2009 00:23:49 RajibJana wrote: >> >> >> >> >> >> 1) A User opens a browser window( IE 7/Firfox) and logs in the >> >> >> application >> >> >> as User X and the application shows the logged in userid as X and >> DB >> >> >> transactions also get userid info as X. >> >> >> 2) The same user opens a bowser tab or new window from the opened >> >> window >> >> >> ( >> >> >> from where he logged in as X), and logs in the application as User >> Y. >> >> Now >> >> >> userid Y overrides the userid X in session map( as no new session >> is >> >> not >> >> >> opened, I guess) and I get userid as Y in both the browser tabs. My >> >> >> application breaks. >> >> >> 3) If the user opens a new browser instance, then a new session is >> >> >> created >> >> >> and both the windows have their own user id info( i.e. userid >> doesnt >> >> >> override) >> >> >> >> >> > >> >> > I don't know if you will be able to fix your problem as long as you >> use >> >> a >> >> > form >> >> > of authorization that relies on the session. Each browser tab will >> >> > continue >> >> > using the session that is already established. >> >> > >> >> > Although I would not suggest this for a production application, but >> if >> >> > this >> >> > behavior is a requirement for your application, then you could try >> >> hiding >> >> > a >> >> > key within the page (a hidden input field) and also appending the >> key >> >> to >> >> > each >> >> > request URL. This is a very bad way to do it because it will be easy >> to >> >> > hijack >> >> > a session. Especially in cases where the user is clicking a link and >> >> the >> >> > key >> >> > will be visible in the GET request. >> >> > >> >> > I would consider whether your requirement is a development-time >> >> > requirement... >> >> > Meaning, is this something you need for testing your app? Or is this >> >> > something >> >> > the users will need? If it is something that the users need, >> consider >> >> re- >> >> > factoring before you hide key fields as I suggest above. If this is >> >> > something >> >> > you need for testing and development, then try to find a browser >> plugin >> >> > that >> >> > allows you to gain finer control over your cookies so that you can >> >> control >> >> > the >> >> > sessions while you work. >> >> > >> >> > -Wes >> >> > >> >> > -- >> >> > >> >> > Wes Wannemacher >> >> > Author - Struts 2 In Practice >> >> > Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and >> more >> >> > http://www.manning.com/wannemacher >> >> > >> >> > >> >> > >> --------------------------------------------------------------------- >> >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> >> > For additional commands, e-mail: user-h...@struts.apache.org >> >> > >> >> > >> >> > >> >> >> >> -- >> >> View this message in context: >> >> >> http://www.nabble.com/Struts-2-session-problem-tp21513305p21514087.html >> >> Sent from the Struts - User mailing list archive at Nabble.com. >> >> >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> >> For additional commands, e-mail: user-h...@struts.apache.org >> >> >> >> >> > >> > >> > -- >> > Abhishek >> > >> > >> >> -- >> View this message in context: >> http://www.nabble.com/Struts-2-session-problem-tp21513305p21514568.html >> Sent from the Struts - User mailing list archive at Nabble.com. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> > > > -- > Abhishek > > -- View this message in context: http://www.nabble.com/Struts-2-session-problem-tp21513305p21515241.html Sent from the Struts - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
