Create session on Tomcat 4.1.24
Hi, I am trying to upgrade our current Tomcat 4.0.4 to Tomcat 4.1.24. After logged in our application, we store the user information as an attribute in the session. With Tomcat 4.1.24, it seems the session was not created. How can I configure tomcat 4.1.24 to create session automatically? Thanks in advance. Chiming - Do you Yahoo!? The New Yahoo! Shopping - with improved product search
RE: Create session on Tomcat 4.1.24
Howdy, Like tomcat 4.0.4, tomcat 4.1.24 creates an HttpSession when you use HttpServletRequest.getSession(). There's no magic here now, there was no magic here before. If you're running into a specific error, post details and we'll try to help ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Chiming Huang [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:19 AM To: Tomcat User Subject: Create session on Tomcat 4.1.24 Hi, I am trying to upgrade our current Tomcat 4.0.4 to Tomcat 4.1.24. After logged in our application, we store the user information as an attribute in the session. With Tomcat 4.1.24, it seems the session was not created. How can I configure tomcat 4.1.24 to create session automatically? Thanks in advance. Chiming - Do you Yahoo!? The New Yahoo! Shopping - with improved product search This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Create session on Tomcat 4.1.24
no magic here now, there was no magic here before. If you're running into a specific error, post details and we'll try to help ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Chiming Huang [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:19 AM To: Tomcat User Subject: Create session on Tomcat 4.1.24 Hi, I am trying to upgrade our current Tomcat 4.0.4 to Tomcat 4.1.24. After logged in our application, we store the user information as an attribute in the session. With Tomcat 4.1.24, it seems the session was not created. How can I configure tomcat 4.1.24 to create session automatically? Thanks in advance. Chiming - Do you Yahoo!? The New Yahoo! Shopping - with improved product search This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? The New Yahoo! Shopping - with improved product search
RE: Create session on Tomcat 4.1.24
Owdy, And what do you see in your logs? Successful login, and then redirection to access denied page? Yoav Shapira Millennium ChemInformatics -Original Message- From: Chiming Huang [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:58 AM To: Tomcat Users List Subject: RE: Create session on Tomcat 4.1.24 Hi, Thank you for your quick response. We are using Tomcat 4.0.4, Struts 1.0.2 for our application. In the perform() method of the logon action class, we get the HttpSession, say session, by calling request.getSession(). And then store the user class by calling session.setAttribute(userinfo, user). Also, we have a taglib to check if user has been logged on by retrieving the session attribute userinfo. If the userinfo attribute is null, the taglib will forward to assess denied page. Following are the snippets of my logon action class and the check logon taglib. It was working fine on 4.0.4. Now with 4.1.24, after logged in, user will be forwarded to the access denied page. Thanks again. Chiming // public final class LogonAction extends Action { // Public Methods - /** * Process the specified HTTP request, and create the corresponding HTTP * response (or forward to another web component that will create it). * Return an codeActionForward/code instance describing where and how * control should be forwarded, or codenull/code if the response has * already been completed. * * @param mapping The ActionMapping used to select this instance * @param actionForm The optional ActionForm bean for this request (if any) * @param request The HTTP request we are processing * @param response The HTTP response we are creating * * @exception IOException if an input/output error occurs * @exception ServletException if a servlet exception occurs */ public ActionForward perform(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { Auth auth = new Auth(path); User user = auth.authenticate(username, password); if(user == null) { errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(error.password.mismatch)); } // Report any errors we have discovered back to the original form if (!errors.empty()) { ((LogonForm) form).setStatus(Invalid username or password); saveErrors(request, errors); servlet.log( ***User is not logged on in session ); return (mapping.findForward(logon)); } HttpSession session = request.getSession(); session.setAttribute(ConstantStrings.USER, user); if (servlet.getDebug() = 1) servlet.log(LogonAction: User ' + user.getUsername() + ' logged on in session + session.getId()); // Remove the obsolete form bean if (mapping.getAttribute() != null) { if (request.equals(mapping.getScope())) request.removeAttribute(mapping.getAttribute()); else request.getSession().removeAttribute(mapping.getAttribute()); } // Forward control to the specified success URI return (mapping.findForward(success)); } } // public final class CheckLogonTag extends TagSupport { // - Instance Variables /** * The page to which we should forward for the user to log on. */ private String page = /logon/accessDenied.jsp; // --- Properties /** * Return the forward page. */ public String getPage() { return (this.page); } /** * Set the forward page. * * @param page The new forward page */ public void setPage(String page) { this.page = page; } // --- Public Methods /** * Defer our checking until the end of this tag is encountered. * * @exception JspException if a JSP exception has occurred */ public int doStartTag() throws JspException { return (SKIP_BODY); } /** * Perform our logged-in user check by looking for the existence of * a session scope bean under the specified name. If this bean is not * present, control is forwarded to the specified logon page. * * @exception JspException if a JSP exception has occurred */ public int doEndTag() throws JspException { // Is there a valid user logged on? boolean valid = false; HttpSession session = pageContext.getSession(); if ((session != null) (session.getAttribute(ConstantStrings.USER) != null)) valid = true; // Forward control based on the results if (valid) return (EVAL_PAGE); else { try { pageContext.forward(page); } catch (Exception e) { throw new JspException(e.toString()); } return (SKIP_PAGE); } } /** * Release any acquired resources
Re: Create session on Tomcat 4.1.24
Hi, In my struts-config.xml, the logon action mappings looks like this: action-mapping action path=/logon type = com.act.logon.LogonAction name=logonForm scope=request input=/logon/logon.jsp forward name=logon path=/logon/logon.jsp/ forward name=changePassword path=/logon/changePassword.jsp/ forward name=failure path=/logon/accessDenied.jsp/ forward name=success path=/main/main.jsp redirect=true/ /action The main.jsp is the page that use the check logon taglib. If I remove the redirect=true attribute in the forward element, it seems to work. But why it behaves differently (4.0.4 vs 4.1.24)? Does the redirect=true cause a new session to be created? Does tomcat store the sessionid in cookie? Thanks, Chiming - Original Message - From: Shapira, Yoav [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:02 AM Subject: RE: Create session on Tomcat 4.1.24 Owdy, And what do you see in your logs? Successful login, and then redirection to access denied page? Yoav Shapira Millennium ChemInformatics -Original Message- From: Chiming Huang [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:58 AM To: Tomcat Users List Subject: RE: Create session on Tomcat 4.1.24 Hi, Thank you for your quick response. We are using Tomcat 4.0.4, Struts 1.0.2 for our application. In the perform() method of the logon action class, we get the HttpSession, say session, by calling request.getSession(). And then store the user class by calling session.setAttribute(userinfo, user). Also, we have a taglib to check if user has been logged on by retrieving the session attribute userinfo. If the userinfo attribute is null, the taglib will forward to assess denied page. Following are the snippets of my logon action class and the check logon taglib. It was working fine on 4.0.4. Now with 4.1.24, after logged in, user will be forwarded to the access denied page. Thanks again. Chiming // public final class LogonAction extends Action { // Public Methods - /** * Process the specified HTTP request, and create the corresponding HTTP * response (or forward to another web component that will create it). * Return an codeActionForward/code instance describing where and how * control should be forwarded, or codenull/code if the response has * already been completed. * * @param mapping The ActionMapping used to select this instance * @param actionForm The optional ActionForm bean for this request (if any) * @param request The HTTP request we are processing * @param response The HTTP response we are creating * * @exception IOException if an input/output error occurs * @exception ServletException if a servlet exception occurs */ public ActionForward perform(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { Auth auth = new Auth(path); User user = auth.authenticate(username, password); if(user == null) { errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(error.password.mismatch)); } // Report any errors we have discovered back to the original form if (!errors.empty()) { ((LogonForm) form).setStatus(Invalid username or password); saveErrors(request, errors); servlet.log( ***User is not logged on in session ); return (mapping.findForward(logon)); } HttpSession session = request.getSession(); session.setAttribute(ConstantStrings.USER, user); if (servlet.getDebug() = 1) servlet.log(LogonAction: User ' + user.getUsername() + ' logged on in session + session.getId()); // Remove the obsolete form bean if (mapping.getAttribute() != null) { if (request.equals(mapping.getScope())) request.removeAttribute(mapping.getAttribute()); else request.getSession().removeAttribute(mapping.getAttribute()); } // Forward control to the specified success URI return (mapping.findForward(success)); } } // public final class CheckLogonTag extends TagSupport { // - Instance Variables /** * The page to which we should forward for the user to log on. */ private String page = /logon/accessDenied.jsp; // --- Properties /** * Return the forward page. */ public String getPage() { return (this.page); } /** * Set the forward page. * * @param page The new forward page */ public void setPage(String