-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike,
Mike Quilleash wrote: > Does anyone know if there's a method for determining if the Session for > a user has expired since the last request? When a request comes in from a user who /did/ have a session, it should include a session identifier. If the session is timed out, then you'll forward to the login page, and you will have a session created for you already (assuming that you are using either container-managed sessions, or a session management strategy that mirrors the container-managed variety). You can use this to your advantage by checking the result from calling request.getRequestedSessionId versus session.getId. If they are different, then a new session has been created in response to a request for a dead session. This is not entirely foolproof, since generally session cookies are designed to live for as long as the browser is running (the browser's "session"), and so your user may: 1. login 2. do some stuff 3. leave without logging out 4. comes back the next day to your front page (or login page) In this case, their browser may send the old cookie and it looks like they are trying to resume their expired session (as above), but they're really coming in "fresh". Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF/9eG9CaO5/Lv0PARArypAKCQ8DiWM6IT1W2t7bjhAc6fZg7mOgCeN1dA 5mOlrwChuMqvAnm26cCCD8Q= =6B5J -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]