On 22/04/2010 22:24, Paul Carroll wrote: > Yes. I put the session marker in my filter and I perform a simple check each > time through the filter to determine if the marker exists and to check if it > equals the current session id.
The session id itself may change during login, so I'm not sure if you should rely on this. Since Tomcat 6.0.21 http://issues.apache.org/bugzilla/show_bug.cgi?id=45255 p > Thanks. > > --- [email protected] wrote: > > From: Christopher Schultz <[email protected]> > To: Tomcat Users List <[email protected]> > Subject: Re: Session Timeout - Filter Not Called > Date: Thu, 22 Apr 2010 16:45:10 -0400 > > Paul, > > On 4/22/2010 2:44 PM, Paul Carroll wrote: >> I guess what I really need to be able to do is determine when a user creates >> a new session. This could either be done by the user opening the browser >> and browse to our application where the user logs in and the new session is >> created. Or the user's session times out and the user is presented with our >> login page and the user will login and a new session is created. > > I think Bob's suggestion that you use a session marker variable will > take care of this for you, no? > > >> --- [email protected] wrote: > >> From: Bob Hall <[email protected]> >> To: Tomcat Users List <[email protected]> >> Subject: Re: Session Timeout - Filter Not Called >> Date: Mon, 12 Apr 2010 23:58:45 -0700 (PDT) > >> Paul, > >> --- On Mon, 4/12/10 at 7:21 AM, Paul Carroll <[email protected]> wrote: > >>> That works in that my filter is >>> called when the session times out and the user is redirected >>> to the login page. However, the Referer header makes >>> no indication that the user is logging in. > >> What does the referrer header contain? > >>> If the request URI is not null, then I can redirect them to the requested >>> URI if it has been determined that it is a "safe" area that >>> does not need any session variables established. Is >>> there a way to determine if the user's session has timed out >>> and the user is logging in once again? > >> Check for the session variables that would have been set? > >> - Bob > > > > >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
signature.asc
Description: OpenPGP digital signature
