Hi, try to take this code in your baseclass (assuming the name ist MyServlet) of all your servletclasses. The performRequest-method must be called directly from the doPost ()-Method. If you are using only one (Dispatcher-)Servlet, you have to work out the Requests from the Login-Page and to react on a Login (via Database or in any other way). The generated HTML-Page in this Code-Segment must have the tag containing <from action = \"MyServlet\" method = \"Post\">. If you are using on the other hand more Servlets derived from this baseclass, especially one Servlet to every HTML-Page, the generated HTML-Page in this Code-Segment must have the tag containing <from action = \"MyLoginServlet\" method = \"Post\">. So you can handle the Login in an own Servlet. After succesful login you should redirect your application to your first Page. In this way, you give the user the Startup-Page, which is directly connected to your LoginServlet. Any illegal try of a user, to call an Servlet directly via URL in your browser will be automatically directed to your Login. A nice thing is a Logout-Handler on (every) Page. All you have to do is to generate a "LOGOUT"-Button in your HTML-Stream and if pressed, you destroy the session via invalidate ()...... class MyServlet { ...... protected void performRequest (final HttpServletRequest roRequest, final HttpServletResponse roResponse) PrintWriter oOutput = roResponse.getWriter (); // get a HTML-Stream HttpSession oSession = roRequest.getSession (false); // try to get an exisiting session if (oSession != null) { // OK, the user is being connected for the n-th time // this method is yours !!! You get the request, the response, the actual user-session and the html-stream, where you put in your generated html-code performTask (roRequest, roResponse, oOutput, oSession); } else { // no session, no cookie, some reasons : // - the user tries to connect the first time // - the session have been invalidated by tomcat // - you are using a clustered webserver and your first server have been fallen down and your failover system takes control. // so the session data on the first system is been lost. now you have to login again (like a connection on the first time) // you can't distinguish the reasons !!! // get a fresh session, without any attribute-data oSession = roRequest.getSession (true); // write your Errormessage (like above) into the HTML-Stream and create a Login-Screen oOutput.println ("<html> .......... <form action = \"THIS_SERVLET\" method = \"post\" > ..... " + YOUR_ERRORMESSAGE + YOUR_LOGIN_SCREEN + "</form> ..... </html>"); // now the generated HTML-Page will be sent back to your browser and the user must login or leave ! } } venkatesan <[EMAIL PROTECTED]> am 15.02.2001 14:01:08 Bitte antworten an [EMAIL PROTECTED] An: [EMAIL PROTECTED] Kopie: (Blindkopie: Ralf Bode/13/LBSH/DE) Thema: Re: Antwort: session creation? Hi Antwort , Thanx a lot for ur help.. Now i am able to create new session and if i not perform any operations in that page on the specified time. that page is not comming and if i click refresh button new page is comming... Well ............ But my problem is while i entering into my web page the first screen is blank in the same way while the page is expired after the particular time if i click any link that page also blank....... can u give me some tips so that while i am entering my web-page it should not come blank and it the same way after the page expired, some message should come... Thanx in advance cheers venkatesh [EMAIL PROTECTED] wrote: > Hi, > to create a user-session you may try the following code in the doGet > (...)/doPost (...) - handling-Methods : > > HttpSession oSession = roRequest.getSession (false); // try to get an > exisiting session > > if (oSession != null) > { > // OK, anyone is been connected for the n-th time > > // continue .... > performTask (....) > } > else > { > // - user tries to connect the first time, no cookie on the client > -> no session > // - sessiontimeout, all userdata are lost > // this behaviour occurs too if you use an clustered webserver since > all sessiondata residents only on one machine (!!!) > // you can't determine, why the session is invalid > oSession = roRequest.getSession (true); // get a new session > without any attributes in > > // perhaps an errormessage or a login-handling or both > } : > > All user-sessions will be invalidated by tomcat automatically. The timeout is > defined in the WEB.XML in your %TOMCAT_HOME%/conf - Directory. Out-of-the-box > this parameter is initialized with 30. This means, after approximately 30 > Minutes the user-session will be invalidated. The next HTTP-Request will run > into the ELSE-case described above. Try any other values :-) > > venkatesan <[EMAIL PROTECTED]> am 15.02.2001 12:10:14 > > Bitte antworten an [EMAIL PROTECTED] > > An: [EMAIL PROTECTED] > Kopie: (Blindkopie: Ralf Bode/13/LBSH/DE) > > Thema: session creation? > > Hi All, > I am creating web applications using servlets. can anybody tell > that simple session creation for a particular user and invalidate after > a specific time. > > Thanks > > cheers > venkatesh > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, email: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, email: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]