Is really a pain in the ass have a brand new session when the session is dead. Would be great have a session.isNewBecauseTheOldIsDead()
-----Original Message----- From: Asensio, Rodrigo [mailto:[EMAIL PROTECTED] Sent: Monday, December 18, 2006 12:52 PM To: Tomcat Users List Subject: invalid sessions Hi guys, Im trying to reject users whose sessions was invalidated (in purpose because a logout or timeout) But I found that there is not logic combination in the session valid or invalid methods. Case 1 First request Session.isNew() TRUE Request.isRequestedSessionIdValid() FALSE We can say that this is ok because you are still not authenticated. Case 2 Session timeout Next request will be Session.isNew() TRUE because creates a new session Request.isRequestedSessionIdValid() FALSE The funny thing is if I request the session with create in false, it always returns an object Request.getSession(false) != null ALWAYS in this case. I have no way to verify if the session was invalidated by a timeout. I made a listener and put the invalid session in the DB but I have no way to identify because When a client comes back from a invalid session, it creates a new one. Do you know any way ? Thanks Rodrigo ------------------------------------------------------------------- Rodrigo Asensio Fuel Management Services Gilbarco Veeder Root phone: +1 336 547 5023 email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> (~'~~'~~'~~) | | | | | ~|~ |-------()) ( _) | | | | ''.. | |'..'---_/\ / ''---|| /\ / \ \\/\/ | \ / \_/ | \/\\ | \ This message (including any attachments) contains confidential and/or proprietary information intended only for the addressee. Any unauthorized disclosure, copying, distribution or reliance on the contents of this information is strictly prohibited and may constitute a violation of law. If you are not the intended recipient, please notify the sender immediately by responding to this e-mail, and delete the message from your system. If you have any questions about this e-mail please notify the sender immediately. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message (including any attachments) contains confidential and/or proprietary information intended only for the addressee. Any unauthorized disclosure, copying, distribution or reliance on the contents of this information is strictly prohibited and may constitute a violation of law. If you are not the intended recipient, please notify the sender immediately by responding to this e-mail, and delete the message from your system. If you have any questions about this e-mail please notify the sender immediately. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]