invalidating sessions
Is there to invalidate a single sessionbean rather than the whole session? thanks -ryan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: invalidating sessions
session.removeAttribute(mybean); -Tim [EMAIL PROTECTED] wrote: Is there to invalidate a single sessionbean rather than the whole session? thanks -ryan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
invalidating sessions
A quick question about invalidating sessions: Is there a way to detect whether a session is still active without implementing some sort of login/logout scheme (i.e. is there some way to invalidate a session without explicit input from the user, other than simply letting it time out)? Thanks, James This message has been 'sanitized'. This means that potentially dangerous content has been rewritten or removed. The following log describes which actions were taken. Sanitizer (start=1058992325): Forcing message to be multipart/mixed, to facilitate logging. Writer (pos=1132): Part (pos=1181): Part (pos=200): SanitizeFile (filename=unnamed.txt, mimetype=text/plain): Match (rule=8): ScanFile (file=/var/spool/filter/anomy/att-3f1ef0c5-MO3-unnamed.txt): Scan succeeded, file is clean. Enforced policy: accept Part (pos=645): SanitizeFile (filename=unnamed.html, mimetype=text/html): Match (rule=8): ScanFile (file=/var/spool/filter/anomy/att-3f1ef0c6-88E-unnamed.html): Scan succeeded, file is clean. Enforced policy: accept Note: Styles and layers give attackers many tools to fool the user and common browsers interpret Javascript code found within style definitions. References: - http://www.securityfocus.com/bid/630 - http://archives.indenial.com/hypermail/bugtraq/2001/January2001/0512.html Rewrote HTML tag: _STYLE_ as: _DEFANGED_STYLE_ Rewrote HTML tag: _/STYLE_ as: _/DEFANGED_STYLE_ Total modifications so far: 2 Anomy 0.0.0 : Sanitizer.pm $Id: Sanitizer.pm,v 1.54 2002/02/15 16:59:07 bre Exp $ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: invalidating sessions
You may use HttpSession.invalidate() to invalidate a session. -Original Message- From: James Michelich [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 23, 2003 4:30 PM To: Tomcat Users List Subject: invalidating sessions A quick question about invalidating sessions: Is there a way to detect whether a session is still active without implementing some sort of login/logout scheme (i.e. is there some way to invalidate a session without explicit input from the user, other than simply letting it time out)? Thanks, James This electronic transmission is strictly confidential to Smith Nephew and intended solely for the addressee. It may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, or someone authorized by the intended addressee to receive transmissions on behalf of the addressee, you must not retain, disclose in any form, copy or take any action in reliance on this transmission. If you have received this transmission in error, please notify the sender as soon as possible and destroy this message.
Re: invalidating sessions
I'm not sure if there is a standard/accepted method but, this is what I do.
1. Inside index.jsp, I put this:
%session.setAttribute(VALIDSESSION, Boolean.TRUE);%
2. At the top of each jsp file, I put this:
try{
Boolean validSession = (Boolean)session.getAttribute(VALIDSESSION);
} catch (Exception e) {
response.sendRedirect( index.jsp );
}
This places a value in VALIDSESSION when index.jsp loads up and then checks to
see if VALIDSESSION is still valid when each JSP file is loaded afterwards. If
it is not valid then the user gets redirected back to index.jsp to start over.
I use JDBCRealm and FORM AUTH, so; when my session times out, I get sent to the
login.jsp page, then after a successful login, j_security_check tries to send me
to the page I originally requested when my session was still active. Since many
pages rely on information stored in the session, errors will occur without this
check.
To invalidate an active session, simply do this:
session.invalidate();
Hope this helps,
--
***
* Rick Roberts*
* Advanced Information Technologies, Inc. *
***
James Michelich wrote:
A quick question about invalidating sessions:
Is there a way to detect whether a session is still active without
implementing some sort of login/logout scheme (i.e. is there some way to
invalidate a session without explicit input from the user, other than
simply letting it time out)?
Thanks,
James
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Invalidating Sessions
Hi There JDK1.3, Tomcat 3.2.1, WinNt, IIS Is there any way to detect if a browser has been closed while a request through the servlet still processing? I mean When a user submits a request and closes the browser right away, my servlet still doing something and after finishing its task tries to redirect to a jsp or servlet, but there is no user to write back and my session still is open and I get no error. I want somehow to detect if somebody has been closed his browser after submitting his request. Please help Thank You, Eddie
RE: Invalidating Sessions
no ~ Namaste - I bow to the divine in you ~ Filip Hanik Software Architect [EMAIL PROTECTED] www.filip.net -Original Message- From: Fiodir Eissayou [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 03, 2001 1:04 PM To: '[EMAIL PROTECTED]' Subject: Invalidating Sessions Hi There JDK1.3, Tomcat 3.2.1, WinNt, IIS Is there any way to detect if a browser has been closed while a request through the servlet still processing? I mean When a user submits a request and closes the browser right away, my servlet still doing something and after finishing its task tries to redirect to a jsp or servlet, but there is no user to write back and my session still is open and I get no error. I want somehow to detect if somebody has been closed his browser after submitting his request. Please help Thank You, Eddie
