What I do and I have seen alot of people do this, is put an Object in the
HttpSession that indicates if a user is logged in or not. When they log in,
you put that object in. If they log out, you remove it, and if the session
times out, its gone as well. Simply check for that object (either on every
JSP page before its displayed..giving you the option to forward to another
"error" page if the page being displayed is not allowed unless they are
logged in. I use an include file to reuse this functionality on every JSP
page I need protected). Or, if your using a MVC framework, have some logic
in your controller servlet that makes sure only if the object exists can
certain pages be accessed, otherwise forward to the login page.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Sergio
> Socarras
> Sent: Sunday, January 21, 2001 2:44 AM
> To: Orion-Interest
> Subject: Recreating an expired session. PLEASE HELP!!!
>
>
>
> How can I re-create a session once the session
> timeout has been reached and the server has
> invalidated the session. I have a couple of pages that
> require a session, but I need to timeout after five
> minutes of inactivity. If the session has timed out, I
> need to send the user back to a login page. The
> problem is that if I call getSession(true) on the
> request object I get the following exception:
>
> java.lang.IllegalStateException: Session was
> invalidated
> at
> com.evermind.server.http.EvermindHttpSession.invalidate(JAX)
> at
> com.evermind.server.http.EvermindHttpSession.valueUnbound(JAX)
> at
> com.sun.net.ssl.internal.ssl.SSLSessionImpl.putValue([DashoPro-V1.
> 2-120198])
> at
> com.evermind.server.http.EvermindHttpServletRequest.getSession(JAX)
> at
> /templates/test.jsp._jspService(/templates/test.jsp.java:17)
> at com.orionserver.http.OrionHttpJspPage.service(JAX)
> at com.evermind.server.http.HttpApplication.w5(JAX)
> at com.evermind.server.http.JSPServlet.service(JAX)
> at com.evermind.server.http.d1.si(JAX)
> at com.evermind.server.http.d1.forward(JAX)
> at com.evermind.server.http.ed.sp(JAX)
> at com.evermind.server.http.ed.so(JAX)
> at com.evermind.util.f.run(JAX)
>
> How do I force it to create a new session? Please
> help, I need to resolve this as soon as possible.
>
> Also if I specify a -1 for session timeout which
> implies that the session never times out, when and how
> does the memory for these session get released once
> the client is no longer interacting with the site.
>
> Thanks
> Sergio
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - Buy the things you want at great prices.
> http://auctions.yahoo.com/
>
