Your interceptor can use the static method: ActionContext.setSession(Map<String, Object> session)
Have a look at CreateSessionInterceptor to see how the map parameter can be created. When your own interceptor is placed before ServletConfigInterceptor in stack it will affect SessionAware. Regrads, Christoph > > Hello Christoph, > Apart from the issue with static access to > @com.spb.mvc.util.Constants@ATRB_SESSION_USER, is there no way to update > the reference to the session across the whole framework? Because we are > having the same issue with SessionAware if the session is destroyed/created > in one of the interceptors. What I would like to do is be able to inject > the reference to the new session in the interceptor, and have it replaced > the old one across the whole framework. Any suggestions? > > JL > > 2015-05-19 3:17 GMT-04:00 Christoph Nenning <christoph.nenn...@lex-com.net>: > > > > > > > Hello, > > > We have a struts2 project. In that project we have a security > > procedure > > > in order to log in the users. As part of the login process, the session > > is > > > destroyed and recreated once the user is logged in, in order to avoid > > > Session hijacking. The problem we are having is that the action finally > > > returns a JSP, and that JSP has a OGNL reference to the session as > > follows: > > > > > > <s:if test="#session[@com.spb.mvc.util.Constants@ATRB_SESSION_USER] != > > null > > > "> > > > > > > It seems that the reference #session points to the previous version, > > as > > > we are getting errors as follows: > > > > > > ERROR org.apache.struts2.dispatcher.Dispatcher - Exception occurred > > during > > > processing request: HttpSession is invalid > > > java.lang.IllegalStateException: HttpSession is invalid > > > at > > > weblogic.servlet.internal.session.SessionData.getAttributeNames > > > (SessionData.java:476) > > > at > > > org.apache.struts2.dispatcher.SessionMap.entrySet(SessionMap.java:111) > > > at java.util.AbstractMap.hashCode(AbstractMap.java:492) > > > at java.util.Objects.hashCode(Objects.java:96) > > > at java.util.HashMap$Entry.hashCode(HashMap.java:847) > > > at java.util.AbstractMap.hashCode(AbstractMap.java:494) > > > at ognl.OgnlContext.hashCode(OgnlContext.java:707) > > > at java.lang.Object.toString(Object.java:237) > > > at java.lang.String.valueOf(String.java:2847) > > > at java.lang.StringBuilder.append(StringBuilder.java:128) > > > > > > > > > > > > Is there some way we can force the stack to refresh the reference to the > > > session? > > > > > > thanks > > > > > > JL > > > > > > > > A simple workaround would be to store session as member of action and > > access this reference via ognl. > > > > > > And please note that it is recommended to not use statics via ognl due to > > security issues. > > > > > > > > Regards, > > Christoph > > > > This Email was scanned by Sophos Anti Virus > > This Email was scanned by Sophos Anti Virus