Thanks for the clarification. Well, my system is like a ERP, what I want to do is basically: the user for work with the system, first must to be authenticated, then the user can works normally, then, if his session timed out, he need to relogin, that is the reason because I need to control the sessions, but what the user was doing before relogin, must be on hold, if the authentication is successful, then the request of the user is committed.
Any advice will be welcome. Thanks. On Thu, Oct 20, 2011 at 10:52 AM, André Warnier <a...@ice-sa.com> wrote: > Alejandro Soto wrote: > >> Hi, thanks for your replies, These are the only ways I have to do it?, I >> was >> reading something about filters, but I think only works with user >> interaction. >> >> > The basic issues are these : > > 1) Tomcat (probably) doesn't spend its time all the time scanning stored > sessions to see if one has expired, and deleting it. > What it does is : when a new request comes in, and that new request has a > session-id in it, then Tomcat looks for this stored session. If it finds > it, it checks if it has expired, and if so, it deletes it and does as if the > session had not been there in the first place. > > 2) even assuming that Tomcat would find out, without user interaction, that > a session has expired, and wanted to send something somewhere, where would > it send it ? > It is not certain that the browser of that user still has a connection open > with the server. > And even if there was such a connection open, and Tomcat sent something on > it, the browser isn't waiting for anything, since it has not requested > anything. I wouldn't be surprised if the browser got very confused then. > > > That's why you always need the browser to send something, to have Tomcat > react and search for the session, and send an answer. > > Personally, I think that by trying to do this (in whatever way), you set > yourself up for all kinds of bizarre happenings and side-effects. > What is the problem you are trying to solve ? > > > ------------------------------**------------------------------**--------- > To unsubscribe, e-mail: > users-unsubscribe@tomcat.**apache.org<users-unsubscr...@tomcat.apache.org> > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Alejandro Soto M. Cel: 705-63861
