// If a User is logging in, we should refresh the
// session here. Invalidating session and starting a
// new session would seem to be a good method, but I
// (JDM) could not get this to work well (it always
// required the user to login twice). Maybe related
// to JServ? If we do not clear out the session, it
// is possible a new User may accidently (if they
// login incorrectly) continue on with information
// associated with the previous User. Currently the
// only keys stored in the session are "turbine.user"
// and "turbine.acl".
if (data.getAction().equalsIgnoreCase(TurbineResources
.getString("action.login")))
{
String[] names = data.getSession().getValueNames();
if (names != null)
{
for (int i=0; i< names.length; i++)
{
data.getSession().removeValue(names[i]);
}
}
}On Thursday, October 9, 2003, at 03:00 PM, Youssef Mohammed wrote:
Thanks Glenn ,
This is exactly what I am running into but I couldn't find such a code in the turbine servlet that clears sessions variables !!!
-----Original Message----- From: Glenn R. Golden [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 8:53 PM To: Jetspeed Developers List Subject: Re: why Session is invalidated when user logs in
This is standard Turbine behavior, I believe. See the turbine servlet, that's where I think it quite deliberately clears all session values once the user successfully logs in.
I had tried to store a redirect URL in the session to be processed after login, but Turbine clears the values so it was gone. I wonder if this is what you are running into.
- Glenn
On Thursday, October 9, 2003, at 11:15 AM, Youssef Mohammed wrote:
I checked it . The JSESSIONID is not changed when the user logs in but the variables are cleared from the HTTPSession object !!!
-----Original Message----- From: Pernoud Aurelien [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 4:51 PM To: Jetspeed Developers List Subject: RE: why Session is invalidated when user logs in
I didn't find any code in jetspeed or turbine that explicitely calls the request.geSession().invalidate() method, so I find it weird.
Can you check if the sessionid is the same when not logged in and after
logged in, that may be the reason ?
Aurelien
Youssef Mohammed a �crit :
Hi
I am storing session variables when an annoymous user browing thru jetspped when he/she logs in as registerd user the session variables is deleted !!! How to bridge those variables to the new session or prevent them from deleteion
thnks
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
