Re: Struts 2, Session Management and WorkFlow.
rahulmohan wrote: The page is correct. It supports only a single conversation as of now. I have a modified version which supports multiple conversations. Couldn't get around to committing it so far. Will be happy to share the code informally. Given that it's me who is bleating about this, I'd be happy to try the new interceptor. How do you want to proceed? Regards -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29735458.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
Roger, Can I simply mail the eclipse project to you? We can discuss the usage over email and get it running. I am planning to work on this over the next week and therefore we can actually release the plugin formally in a week or two. Regards, Rahul rahulmohan wrote: The page is correct. It supports only a single conversation as of now. I have a modified version which supports multiple conversations. Couldn't get around to committing it so far. Will be happy to share the code informally. Given that it's me who is bleating about this, I'd be happy to try the new interceptor. How do you want to proceed? Regards -- View this message in context: http://old.nabble.com/Struts-2%2C- Session-Management-and-%22WorkFlow%22.-tp29726121p29735458.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org =-=-= Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
Re: Struts 2, Session Management and WorkFlow.
Hi Rahul, Please send it to rogerdotvarleyatgooglemaildotcom Thanks Roger -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29736089.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Struts 2, Session Management and WorkFlow.
Hi, I have a use case, where after the user logs in to the application (handled by Spring Security) I need to start a setup wizard comprising three views and their associated actions. These must be processed in strict sequence and the user must not be allowed to break out by either typing a URL into the browser or loading a bookmark. Once the setup wizard is complete and the user moves into the application proper, (s)he should not be able to re-enter the setup wizard, unless he first logs out logs in again. I had considered experimenting with the JQuery plugin to see if I could implement this as a series of modal dialogs, but of course I need javascript active at the client for this to work. This appears to be the realm of either the ScopeInterceptor or the SpringWebflow plugin, but I'm having difficulty in finding tutorials or example code other than that cwiki.apache.org/S2PLUGINS (and the car insurance example mentioned by the SpringWebflow plugin, is not shipped with the download.) to help me decide which of these, if either, I should use. I'd be grateful for any pointers. In addition, since research suggests that it is practically impossible to prevent, I need to be able to handle the situation where, after establishing the session, the user opens multiple browser tabs into my app and runs multiple functions at the same time, for example, starts editing orders for two different customers in two seperate tabs. How do I keep session data seperate for the two tabs? And my final use case, is that I have one other activity that *absolutely must* be a session singleton. That is, it cannot start if the user is running another action, and while it's active, the user cannot start another action. What techniques/patterns is everyone using to handle this? Regards -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29726121.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
Hi Roger, i'm not familiar with SpringWebflow, maybe some one who uses it can aswear if this can be achevied only by it, but i would go fo my own custom interceptor in this case and SpringWebflow only to support wizzard webflow. Mainly because there are more things that needs to be addressed than just webflow. In an interceptor You can check if a user is logged in, so it's easy to have wizzard immediate after login and only login page if user is not logged in. Then after user is logged in You can check if wizzard is completed and if not redirect him at current wizzard page (kept in session for example). If the wizzard is completed then he can't enter wizzard url's. As for how do You keep session data seperate for the two tabs? Well the best solution i know is You don't, when You use any http framework, but it's just my personal opinion. Best greetings, Paweł Wielgus. 2010/9/16 RogerV roger.var...@googlemail.com: Hi, I have a use case, where after the user logs in to the application (handled by Spring Security) I need to start a setup wizard comprising three views and their associated actions. These must be processed in strict sequence and the user must not be allowed to break out by either typing a URL into the browser or loading a bookmark. Once the setup wizard is complete and the user moves into the application proper, (s)he should not be able to re-enter the setup wizard, unless he first logs out logs in again. I had considered experimenting with the JQuery plugin to see if I could implement this as a series of modal dialogs, but of course I need javascript active at the client for this to work. This appears to be the realm of either the ScopeInterceptor or the SpringWebflow plugin, but I'm having difficulty in finding tutorials or example code other than that cwiki.apache.org/S2PLUGINS (and the car insurance example mentioned by the SpringWebflow plugin, is not shipped with the download.) to help me decide which of these, if either, I should use. I'd be grateful for any pointers. In addition, since research suggests that it is practically impossible to prevent, I need to be able to handle the situation where, after establishing the session, the user opens multiple browser tabs into my app and runs multiple functions at the same time, for example, starts editing orders for two different customers in two seperate tabs. How do I keep session data seperate for the two tabs? And my final use case, is that I have one other activity that *absolutely must* be a session singleton. That is, it cannot start if the user is running another action, and while it's active, the user cannot start another action. What techniques/patterns is everyone using to handle this? Regards -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29726121.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
Paweł Wielgus wrote: In an interceptor You can check if a user is logged in, so it's easy to have wizzard immediate after login and only login page if user is not logged in. Then after user is logged in You can check if wizzard is completed and if not redirect him at current wizzard page (kept in session for example). If the wizzard is completed then he can't enter wizzard url's. That would work in this case, but my interceptor would be specific to the wizard. If I then introduced a second wizard, then I'd need another interceptor to handle that one. I was hoping for something a little more generic. Paweł Wielgus wrote: As for how do You keep session data seperate for the two tabs? Well the best solution i know is You don't, when You use any http framework, but it's just my personal opinion. So how would you deal with a client opening two tabs and editing an order for two different customers in each? I could put key information such as customerId orderId into a form as a hidden field, but I like to retain that in the session to facilitate detecting malicious update attempts - I can check that the customerId/OrderId coming back are the ids that I originally sent - for example. I found this http://www.vitara.org/cms/struts_2_cookbook/using_a_conversation_scope - which looks like an attempt to do what I want to do, has anyone used it in anger, or is there something similair out there? Regards -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29726763.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
Hi Roger, That would work in this case, but my interceptor would be specific to the wizard. If I then introduced a second wizard, then I'd need another interceptor to handle that one. I was hoping for something a little more generic. Won't You also add more bussiness logic if You add another wizzard? It's hard for me to imagine such a generic tool that will do it without a lot of configuration or writing this special logic into some class. But if You will find such a solution please write back about it. So how would you deal with a client opening two tabs and editing an order for two different customers in each? I could put key information such as customerId orderId into a form as a hidden field, but I like to retain that in the session to facilitate detecting malicious update attempts - I can check that the customerId/OrderId coming back are the ids that I originally sent - for example. Every form needs to have all necessary ids as hidden fields. That way, posting a form will always update appropriate object with appropriate data. And it's completly unimportant from which tab it will be submited. As for me, user can open 15 tabs and do 15 different things in them simultaneously. Imagine a list of objects with edit links, user opens these edit links in new tabs, and wants to edit and save one by one - why would You dissallow it? In the end HTTP is stateless. Best greetings, Paweł Wielgus. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
Seam handles multiple conversations; you might see how it implements it. Dave On Thu, Sep 16, 2010 at 6:24 AM, RogerV roger.var...@googlemail.com wrote: Paweł Wielgus wrote: In an interceptor You can check if a user is logged in, so it's easy to have wizzard immediate after login and only login page if user is not logged in. Then after user is logged in You can check if wizzard is completed and if not redirect him at current wizzard page (kept in session for example). If the wizzard is completed then he can't enter wizzard url's. That would work in this case, but my interceptor would be specific to the wizard. If I then introduced a second wizard, then I'd need another interceptor to handle that one. I was hoping for something a little more generic. Paweł Wielgus wrote: As for how do You keep session data seperate for the two tabs? Well the best solution i know is You don't, when You use any http framework, but it's just my personal opinion. So how would you deal with a client opening two tabs and editing an order for two different customers in each? I could put key information such as customerId orderId into a form as a hidden field, but I like to retain that in the session to facilitate detecting malicious update attempts - I can check that the customerId/OrderId coming back are the ids that I originally sent - for example. I found this http://www.vitara.org/cms/struts_2_cookbook/using_a_conversation_scope - which looks like an attempt to do what I want to do, has anyone used it in anger, or is there something similair out there? Regards -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29726763.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
Paweł Wielgus wrote: Every form needs to have all necessary ids as hidden fields. That way, posting a form will always update appropriate object with appropriate data. Agreed, but how do you check that the hidden ids that come back with the submit are the ones that you sent in the first place? It's not that hard to use something like HttpClient to send malicious POST's Paweł Wielgus wrote: And it's completly unimportant from which tab it will be submited. As for me, user can open 15 tabs and do 15 different things in them simultaneously. Imagine a list of objects with edit links, user opens these edit links in new tabs, and wants to edit and save one by one - why would You dissallow it? In the end HTTP is stateless. I'm not trying to stop them using multiple tabs, I'm trying to ensure that they don't walk over each other while they're doing it. Looking at the code for MessageStoreInteceptor, for example, I think (and I need to test this) it looks like, in a multi-tab environment, you couldn't be sure which tab would get any error messages. Tab A submits a form with errors, Tab B submits another form, it looks like Tab B could potentially return with TabA's error messages - which could be doubly confusing if the activities in TabA and TabB were unrelated. Processing multiple tabs simultaneously seems to me to be comparable to running multiple threads accessing an unsynchronized common resource - the HttpSession. Regards -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29727312.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
Agreed, but how do you check that the hidden ids that come back with the submit are the ones that you sent in the first place? It's not that hard to use something like HttpClient to send malicious POST's Yes, it's possible but not likely, in general users use multiple tabs, and they don't use HttpClients. If You would like to be protected from params manipulating, another mechanism would be needed. I'm not trying to stop them using multiple tabs, I'm trying to ensure that they don't walk over each other while they're doing it. Then if any POST need no session data they won't interrrupt each other, such POSTs are self-sufficient. Looking at the code for MessageStoreInteceptor, for example, I think (and I need to test this) it looks like, in a multi-tab environment, you couldn't be sure which tab would get any error messages. Tab A submits a form with errors, Tab B submits another form, it looks like Tab B could potentially return with TabA's error messages - which could be doubly confusing if the activities in TabA and TabB were unrelated. Processing multiple tabs simultaneously seems to me to be comparable to running multiple threads accessing an unsynchronized common resource - the HttpSession. As far as i remember MessageStoreInteceptor is needed when after submit a redirect is called and You don't want to lose errors, and it will not function properly when user will submit many forms for the same object in one moment. As Dave said, check out Seam framework, there is also a thread (month or years ago) on this group where people where talking about adding such functionality to struts2. Best greetings, Paweł Wielgus. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: Struts 2, Session Management and WorkFlow.
com.opensymphony.xwork2.ValidationAware /** * Set the field error map of fieldname (String) to Collection of String error messages. * @param errorMap field error map */ void setFieldErrors(MapString, ListString errorMap); fieldName would be unique for each assigned IDentifier for the 1st param to the Map in setFieldErrors e.g. Tab1: Tab1TextField1,Tab1TextField2 Tab2: Tab2TextField1,Tab2TextField2 did you have something else in mind? Martin Gainty __ Jogi és Bizalmassági kinyilatkoztatás/Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Ez az üzenet bizalmas. Ha nem ön az akinek szánva volt, akkor kérjük, hogy jelentse azt nekünk vissza. Semmiféle továbbítása vagy másolatának készítése nem megengedett. Ez az üzenet csak ismeret cserét szolgál és semmiféle jogi alkalmazhatósága sincs. Mivel az electronikus üzenetek könnyen megváltoztathatóak, ezért minket semmi felelöség nem terhelhet ezen üzenet tartalma miatt. Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Thu, 16 Sep 2010 04:16:28 -0700 From: roger.var...@googlemail.com To: user@struts.apache.org Subject: Re: Struts 2, Session Management and WorkFlow. Paweł Wielgus wrote: Every form needs to have all necessary ids as hidden fields. That way, posting a form will always update appropriate object with appropriate data. Agreed, but how do you check that the hidden ids that come back with the submit are the ones that you sent in the first place? It's not that hard to use something like HttpClient to send malicious POST's Paweł Wielgus wrote: And it's completly unimportant from which tab it will be submited. As for me, user can open 15 tabs and do 15 different things in them simultaneously. Imagine a list of objects with edit links, user opens these edit links in new tabs, and wants to edit and save one by one - why would You dissallow it? In the end HTTP is stateless. I'm not trying to stop them using multiple tabs, I'm trying to ensure that they don't walk over each other while they're doing it. Looking at the code for MessageStoreInteceptor, for example, I think (and I need to test this) it looks like, in a multi-tab environment, you couldn't be sure which tab would get any error messages. Tab A submits a form with errors, Tab B submits another form, it looks like Tab B could potentially return with TabA's error messages - which could be doubly confusing if the activities in TabA and TabB were unrelated. Processing multiple tabs simultaneously seems to me to be comparable to running multiple threads accessing an unsynchronized common resource - the HttpSession. Regards -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29727312.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
On Thu, Sep 16, 2010 at 7:57 AM, Martin Gainty wrote: com.opensymphony.xwork2.ValidationAware /** * Set the field error map of fieldname (String) to Collection of String error messages. * @param errorMap field error map */ void setFieldErrors(MapString, ListString errorMap); fieldName would be unique for each assigned IDentifier for the 1st param to the Map in setFieldErrors e.g. Tab1: Tab1TextField1,Tab1TextField2 Tab2: Tab2TextField1,Tab2TextField2 did you have something else in mind? Yeah. Dave It's like I never left Newton - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
Hi Pawel, Paweł Wielgus wrote: Agreed, but how do you check that the hidden ids that come back with the submit are the ones that you sent in the first place? It's not that hard to use something like HttpClient to send malicious POST's Yes, it's possible but not likely, in general users use multiple tabs, and they don't use HttpClients. If You would like to be protected from params manipulating, another mechanism would be needed. Unlikely in an Intranet environment prehaps, but there are a lot of nasty people on the internet who *could* programmatically attack your application. Whether you worry about that depends I suppose on the sensitivity of your web application. Paweł Wielgus wrote: Then if any POST need no session data they won't interrrupt each other, such POSTs are self-sufficient. And how do you avoid using the session - shoving everything into request scope and returning it through hidden fields is insecure. Wasn't it this approach of storing all state on the client through the HttpRequest that drew so much flack for the early JSF implementations. Paweł Wielgus wrote: As far as i remember MessageStoreInteceptor is needed when after submit a redirect is called and You don't want to lose errors, and it will not function properly when user will submit many forms for the same object in one moment. As Dave said, check out Seam framework, there is also a thread (month or years ago) on this group where people where talking about adding such functionality to struts2. Actually, looking at some of the source code, there's quite a lot that could potentially break in Struts if there was heavy use of multiple tabs - ScopedModelDrivenInterceptor, for example, just stores things in the Session under a known key. Preliminary poking around in Seam, and it looks like their HttpSession, contains something on the lines of a MapKey,MapString,Object where Key uniquely identifies a tab conversation and the MapString,Object is similair to the current Struts view of the session from SessionAware. The conversation is initiated serverside and the key is passed backwards and forwards via the HttpRequest. (Obviously it's a tad more sophisticated than that, but that seems to be the essence) http://myfaces.apache.org/orchestra/myfaces-orchestra-core/multiwindow.html has an interesting take on the issues involved with multi tab processing and concludes that none of Spring WebFlow, JBoss Seam or Apache Wicket actually get it right 100%. Given that multi tab browsing has been around for a while now and even core Struts seems to assume single window access to the session is the norm, perhaps I'm just being over cautious. Regards -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29727862.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
Correct--the essence of implementation is just a dual-layer context with the additional key passed back and forth (I assume for every request). On Thu, Sep 16, 2010 at 8:14 AM, RogerV roger.var...@googlemail.com wrote: Hi Pawel, Paweł Wielgus wrote: Agreed, but how do you check that the hidden ids that come back with the submit are the ones that you sent in the first place? It's not that hard to use something like HttpClient to send malicious POST's Yes, it's possible but not likely, in general users use multiple tabs, and they don't use HttpClients. If You would like to be protected from params manipulating, another mechanism would be needed. Unlikely in an Intranet environment prehaps, but there are a lot of nasty people on the internet who *could* programmatically attack your application. Whether you worry about that depends I suppose on the sensitivity of your web application. Paweł Wielgus wrote: Then if any POST need no session data they won't interrrupt each other, such POSTs are self-sufficient. And how do you avoid using the session - shoving everything into request scope and returning it through hidden fields is insecure. Wasn't it this approach of storing all state on the client through the HttpRequest that drew so much flack for the early JSF implementations. Paweł Wielgus wrote: As far as i remember MessageStoreInteceptor is needed when after submit a redirect is called and You don't want to lose errors, and it will not function properly when user will submit many forms for the same object in one moment. As Dave said, check out Seam framework, there is also a thread (month or years ago) on this group where people where talking about adding such functionality to struts2. Actually, looking at some of the source code, there's quite a lot that could potentially break in Struts if there was heavy use of multiple tabs - ScopedModelDrivenInterceptor, for example, just stores things in the Session under a known key. Preliminary poking around in Seam, and it looks like their HttpSession, contains something on the lines of a MapKey,MapString,Object where Key uniquely identifies a tab conversation and the MapString,Object is similair to the current Struts view of the session from SessionAware. The conversation is initiated serverside and the key is passed backwards and forwards via the HttpRequest. (Obviously it's a tad more sophisticated than that, but that seems to be the essence) http://myfaces.apache.org/orchestra/myfaces-orchestra-core/multiwindow.html has an interesting take on the issues involved with multi tab processing and concludes that none of Spring WebFlow, JBoss Seam or Apache Wicket actually get it right 100%. Given that multi tab browsing has been around for a while now and even core Struts seems to assume single window access to the session is the norm, perhaps I'm just being over cautious. Regards -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29727862.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
Dave Newton-6 wrote: Correct--the essence of implementation is just a dual-layer context with the additional key passed back and forth (I assume for every request). Hi Dave, Doesn't seem too complicated to implement :) - but given this conversation from Jan 2009 http://old.nabble.com/Struts-2-session-problem-td21513305i40.html and this from November 2006 http://old.nabble.com/-s2--Multiple-Session-Conversations-Using-Same-Action-td7364935.html#a7364935, it would appear that it either proved too complicated or there was insufficient push. Any insights? Regards -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29728192.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
RogerV wrote: Dave Newton-6 wrote: Correct--the essence of implementation is just a dual-layer context with the additional key passed back and forth (I assume for every request). Hi Dave, Doesn't seem too complicated to implement :) - but given this conversation from Jan 2009 http://old.nabble.com/Struts-2-session-problem-td21513305i40.html and this from November 2006 http://old.nabble.com/-s2--Multiple-Session-Conversations-Using-Same-Action-td7364935.html#a7364935, it would appear that it either proved too complicated or there was insufficient push. Any insights? Regards Doh! This wouldn't be the raison d'etre for the Scope plugin by any chance? -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29728230.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
Hi all, i've just read about Seam, and if i understand it wright, creation of Conversation is made by annotation, so it's not an automatic decision of the framework but just a developer decision in action code to create a conversation. Unlikely in an Intranet environment prehaps, but there are a lot of nasty people on the internet who *could* programmatically attack your application. Whether you worry about that depends I suppose on the sensitivity of your web application. One thing is to have self-suficient forms. Another thing is authorization - totally different story. And how do you avoid using the session - shoving everything into request scope and returning it through hidden fields is insecure ... I'm not saying not to use session at all, what i'm saing is, when user submits a form by post, action need not to fetch any extra data except user himself from session to perform an update of edited object. Best greetings, Paweł Wielgus. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
Doh! This wouldn't be the raison d'etre for the Scope plugin by any chance? Exactly! I think scope plugin solves your problem. The conversation support in scope plugin is not as rich as that in seam, but can serve as the starting point. I have fixed a couple of bugs in the scope plugin and I am working on some enhancements in scope plugin to take care of nested conversations, fork, join etc. Don't have time to commit it now. If anyone wants to try using it, I can share my working copy where the fixes are present. From: RogerV roger.var...@googlemail.com To: user@struts.apache.org Date: 16-09-2010 18:34 Subject: Re: Struts 2, Session Management and WorkFlow. RogerV wrote: Dave Newton-6 wrote: Correct--the essence of implementation is just a dual-layer context with the additional key passed back and forth (I assume for every request). Hi Dave, Doesn't seem too complicated to implement :) - but given this conversation from Jan 2009 http://old.nabble.com/Struts-2-session-problem-td21513305i40.html and this from November 2006 http://old.nabble.com/-s2--Multiple-Session-Conversations-Using-Same-Action-td7364935.html#a7364935 , it would appear that it either proved too complicated or there was insufficient push. Any insights? Regards Doh! This wouldn't be the raison d'etre for the Scope plugin by any chance? -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29728230.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org =-=-= Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
Re: Struts 2, Session Management and WorkFlow.
rahulmohan wrote: Exactly! I think scope plugin solves your problem. The conversation support in scope plugin is not as rich as that in seam, but can serve as the starting point. I have fixed a couple of bugs in the scope plugin and I am working on some enhancements in scope plugin to take care of nested conversations, fork, join etc. Don't have time to commit it now. If anyone wants to try using it, I can share my working copy where the fixes are present. The current page at https://cwiki.apache.org/S2PLUGINS/scope-plugin.html states that the current plugin only supports a single conversation, which of course doesn't help with supporting multiple tabs. Is this still the case, or is the page out of date? Regards -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29728740.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
I don't believe it allows multiple conversations yet, but I haven't checked the source, either. Dave On Thu, Sep 16, 2010 at 9:56 AM, RogerV roger.var...@googlemail.com wrote: rahulmohan wrote: Exactly! I think scope plugin solves your problem. The conversation support in scope plugin is not as rich as that in seam, but can serve as the starting point. I have fixed a couple of bugs in the scope plugin and I am working on some enhancements in scope plugin to take care of nested conversations, fork, join etc. Don't have time to commit it now. If anyone wants to try using it, I can share my working copy where the fixes are present. The current page at https://cwiki.apache.org/S2PLUGINS/scope-plugin.html states that the current plugin only supports a single conversation, which of course doesn't help with supporting multiple tabs. Is this still the case, or is the page out of date? Regards -- View this message in context: http://old.nabble.com/Struts-2%2C-Session-Management-and-%22WorkFlow%22.-tp29726121p29728740.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2, Session Management and WorkFlow.
rahulmohan wrote: Exactly! I think scope plugin solves your problem. The conversation support in scope plugin is not as rich as that in seam, but can serve as the starting point. I have fixed a couple of bugs in the scope plugin and I am working on some enhancements in scope plugin to take care of nested conversations, fork, join etc. Don't have time to commit it now. If anyone wants to try using it, I can share my working copy where the fixes are present. The current page at https://cwiki.apache.org/S2PLUGINS/scope-plugin.html states that the current plugin only supports a single conversation, which of course doesn't help with supporting multiple tabs. Is this still the case, or is the page out of date? The page is correct. It supports only a single conversation as of now. I have a modified version which supports multiple conversations. Couldn't get around to committing it so far. Will be happy to share the code informally. =-=-= Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
Session Management
Hello All, I have this common scenario of handling sessions. The scenario is: 1. To check session on the jsp side when ever a page is loaded. This is fairly simple and can be done without much hassle. 2. Lets say the page is left unattended and the session expires but the user is still on that authenticated page. Not the thing is how can I make sure that any such request is not processed and is redirected to the login page. I can check the session availability but how can I redirect the control to login page. One more thing, I am working on YUI + Ajax based application, so basically all the action requests are via javascript. Any help would be appreciated. Baran -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23074591.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hi Baran, You can check for this in interceptor in struts2 or in mainservlet in struts1. Best greeitings, Paweł Wielgus. 2009/4/16 Baran baran.k...@gmail.com: Hello All, I have this common scenario of handling sessions. The scenario is: 1. To check session on the jsp side when ever a page is loaded. This is fairly simple and can be done without much hassle. 2. Lets say the page is left unattended and the session expires but the user is still on that authenticated page. Not the thing is how can I make sure that any such request is not processed and is redirected to the login page. I can check the session availability but how can I redirect the control to login page. One more thing, I am working on YUI + Ajax based application, so basically all the action requests are via javascript. Any help would be appreciated. Baran -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23074591.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hello Paul, Thanks for the prompt response, I guess that is a right way to do, but plz suggest me how can i redirect my control to the login page. Can u plz get me the syntax, the interceptor thing is ready all i need to do is to redirect if session is not there... Thanks Baran Paweł Wielgus wrote: Hi Baran, You can check for this in interceptor in struts2 or in mainservlet in struts1. Best greeitings, Paweł Wielgus. 2009/4/16 Baran baran.k...@gmail.com: Hello All, I have this common scenario of handling sessions. The scenario is: 1. To check session on the jsp side when ever a page is loaded. This is fairly simple and can be done without much hassle. 2. Lets say the page is left unattended and the session expires but the user is still on that authenticated page. Not the thing is how can I make sure that any such request is not processed and is redirected to the login page. I can check the session availability but how can I redirect the control to login page. One more thing, I am working on YUI + Ajax based application, so basically all the action requests are via javascript. Any help would be appreciated. Baran -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23074591.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23074831.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
package example3; import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.interceptor.Interceptor; /** * * @author Lukasz */ public class LoginInterceptor implements Interceptor { public void destroy() { } public void init() { } public String intercept(ActionInvocation arg0) throws Exception { if (arg0.getAction() instanceof LoginAction) { return arg0.invoke(); } String user = (String) arg0.getInvocationContext().getSession().get(user); if ( user == null || .equals(user)) { return Action.LOGIN; } else { return arg0.invoke(); } } } Regards -- Lukasz http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hi, I guess I am fine with the intercepter side, but the issue is I am not able to redirect it to a new page. The intercepter is working fine, but the respone is coming back to the same page and not to the login page. Any thing that I might be missing in the struts.xml or somewhere? coz intercepter is fine all I need is to send it to new page. Thanks Lukasz Lenart wrote: package example3; import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.interceptor.Interceptor; /** * * @author Lukasz */ public class LoginInterceptor implements Interceptor { public void destroy() { } public void init() { } public String intercept(ActionInvocation arg0) throws Exception { if (arg0.getAction() instanceof LoginAction) { return arg0.invoke(); } String user = (String) arg0.getInvocationContext().getSession().get(user); if ( user == null || .equals(user)) { return Action.LOGIN; } else { return arg0.invoke(); } } } Regards -- Lukasz http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23075474.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hi, look at line: return Action.LOGIN; this is the place where interceptor is returning simple string which represents forward, in my case i have logon defined in struts.xml like this: global-results result name=logon/WEB-INF/pages/logon.jsp/result /global-results Hope that helps, Paweł Wielgus. 2009/4/16 Baran baran.k...@gmail.com: Hi, I guess I am fine with the intercepter side, but the issue is I am not able to redirect it to a new page. The intercepter is working fine, but the respone is coming back to the same page and not to the login page. Any thing that I might be missing in the struts.xml or somewhere? coz intercepter is fine all I need is to send it to new page. Thanks Lukasz Lenart wrote: package example3; import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.interceptor.Interceptor; /** * * @author Lukasz */ public class LoginInterceptor implements Interceptor { public void destroy() { } public void init() { } public String intercept(ActionInvocation arg0) throws Exception { if (arg0.getAction() instanceof LoginAction) { return arg0.invoke(); } String user = (String) arg0.getInvocationContext().getSession().get(user); if ( user == null || .equals(user)) { return Action.LOGIN; } else { return arg0.invoke(); } } } Regards -- Lukasz http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23075474.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hi, Okay, this is the response I get, I did used the same thing that you are suggesting, Can it be an issue that I am using AJAX, as the html code of the login page is coming as a response of the http request I am making, do I have to redirect it via my JSP page(using javascript)? As otherwise I guess the whole thing is working fine. Regards, Baran -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23076002.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hi, yes it's the case, because if You are firing ajax request to server it doesn't really care if it's ajax or plain html request, so the responsibility to behave properly is on the page side. I don't know if your interceptor returning html code (page) is ok for You? Or maybe it should return something else to tell the page to reload all of it? Because as i think You would like to achieve such scenario: 1. user session is lost 2. user clicks on a link (ajax call) 3. interceptor catches the call and states that it's not allowed 4. page is getting some kind of info that this request is no more accessible and it should go to loginPage.jsp - total reload of the page I haven't been doing such things so i won't help You much with it more. Best greetings, Paweł Wielgus. 2009/4/16 Baran baran.k...@gmail.com: Hi, Okay, this is the response I get, I did used the same thing that you are suggesting, Can it be an issue that I am using AJAX, as the html code of the login page is coming as a response of the http request I am making, do I have to redirect it via my JSP page(using javascript)? As otherwise I guess the whole thing is working fine. Regards, Baran -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23076002.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Session Management
Hello Pawel, well the intercepter can get a message that suggest us to have a login before proceeding, I guess that can be done, I was trying this thing as I am a newbie in Struts and I was exploring the possibilities. Thats the best I can do :) Thanks for ur help and suggestions. Regards, Baran Paweł Wielgus wrote: Hi, yes it's the case, because if You are firing ajax request to server it doesn't really care if it's ajax or plain html request, so the responsibility to behave properly is on the page side. I don't know if your interceptor returning html code (page) is ok for You? Or maybe it should return something else to tell the page to reload all of it? Because as i think You would like to achieve such scenario: 1. user session is lost 2. user clicks on a link (ajax call) 3. interceptor catches the call and states that it's not allowed 4. page is getting some kind of info that this request is no more accessible and it should go to loginPage.jsp - total reload of the page I haven't been doing such things so i won't help You much with it more. Best greetings, Paweł Wielgus. 2009/4/16 Baran baran.k...@gmail.com: Hi, Okay, this is the response I get, I did used the same thing that you are suggesting, Can it be an issue that I am using AJAX, as the html code of the login page is coming as a response of the http request I am making, do I have to redirect it via my JSP page(using javascript)? As otherwise I guess the whole thing is working fine. Regards, Baran -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23076002.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org -- View this message in context: http://www.nabble.com/Session-Management-tp23074591p23076293.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: session management
Hi, i wasn't able to understand Your problem, so i was thinking that the code You cited below was about the problem discussed on my blog. If it's not this problem than try to describe the problem in other words, i simply don't get it. Best greetings, Paweł Wielgus. 2009/2/20 mthalis dinesh_nade...@yahoo.com: Give me another suggestion pz. mthalis wrote: i have already implemented login, logout parts using struts(jsp). But the case is after logged out, when i press back button it is redirected to the particular page that i was in before logged out. these are my codings, and plz kind enough to give me reasonable answer. //set sessions// HttpSession session=request.getSession(); session.setAttribute(userName, userLoginForm.getName()); //verify log or not % String userId=(String)session.getAttribute(userName); if(userId != null){ % ///if not log % } else{ response.sendRedirect(./index.jsp); } % //logout % session.removeAttribute(userName); session.invalidate(); response.sendRedirect(./welcome.jsp); % -- View this message in context: http://www.nabble.com/session-management-tp22054409p22114881.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: session management
mthalis wrote: i have already implemented login, logout parts using struts(jsp). But the case is after logged out, when i press back button it is redirected to the particular page that i was in before logged out. these are my codings, and plz kind enough to give me reasonable answer. //set sessions// HttpSession session=request.getSession(); session.setAttribute(userName, userLoginForm.getName()); //verify log or not % String userId=(String)session.getAttribute(userName); if(userId != null){ % ///if not log % } else{ response.sendRedirect(./index.jsp); } % //logout % session.removeAttribute(userName); session.invalidate(); response.sendRedirect(./welcome.jsp); % Leaving the discussion about the scriptlets aside, and that this isn't really a Struts issue... When the user hits the back button if a page has been cached it will be displayed--no server interaction, so no server interaction. Turn off page caching--this forces the browser to go back to the server, whereupon it will discover the user is no longer logged in, and run the... scriptlet. Dave - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: session management
Give me another suggestion pz. mthalis wrote: i have already implemented login, logout parts using struts(jsp). But the case is after logged out, when i press back button it is redirected to the particular page that i was in before logged out. these are my codings, and plz kind enough to give me reasonable answer. //set sessions// HttpSession session=request.getSession(); session.setAttribute(userName, userLoginForm.getName()); //verify log or not % String userId=(String)session.getAttribute(userName); if(userId != null){ % ///if not log % } else{ response.sendRedirect(./index.jsp); } % //logout % session.removeAttribute(userName); session.invalidate(); response.sendRedirect(./welcome.jsp); % -- View this message in context: http://www.nabble.com/session-management-tp22054409p22114881.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
session management
i have already implemented login, logout parts using struts(jsp). But the case is after logged out, when i press back button it is redirected to the particular page that i was in before logged out. these are my codings, and plz kind enough to give me reasonable answer. //set sessions// HttpSession session=request.getSession(); session.setAttribute(userName, userLoginForm.getName()); //verify log or not % String userId=(String)session.getAttribute(userName); if(userId != null){ % ///if not log % } else{ response.sendRedirect(./index.jsp); } % //logout % session.removeAttribute(userName); session.invalidate(); response.sendRedirect(./welcome.jsp); % -- View this message in context: http://www.nabble.com/session-management-tp22054409p22054409.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: session management
Hi mthalis, maybe this will help: http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html but to be honest i don't know if i understand Your problem at all. Best greetings, Paweł Wielgus. 2009/2/17 mthalis dinesh_nade...@yahoo.com: i have already implemented login, logout parts using struts(jsp). But the case is after logged out, when i press back button it is redirected to the particular page that i was in before logged out. these are my codings, and plz kind enough to give me reasonable answer. //set sessions// HttpSession session=request.getSession(); session.setAttribute(userName, userLoginForm.getName()); //verify log or notMaybe % String userId=(String)session.getAttribute(userName); if(userId != null){ % ///if not log % } else{ response.sendRedirect(./index.jsp); } % //logout % session.removeAttribute(userName); session.invalidate(); response.sendRedirect(./welcome.jsp); % -- View this message in context: http://www.nabble.com/session-management-tp22054409p22054409.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Session management when using IE 7
Hi, When I start my struts application in the same IE instance in 2 tabs I get the same sessionid and when I disconnect from one the other is systematically disconnected. I think there is an overlapping of session in my application. The same problem occur using FireFox. Additionally, I don’t have the problem when using 2 different instance of my browser in 2 machine or in the same machine. Could you please help me? Thanks. -- View this message in context: http://www.nabble.com/Session-management-when-using-IE-7-tp18688636p18688636.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Re: Session management when using IE 7
--- On Mon, 7/28/08, OTA_DZ [EMAIL PROTECTED] wrote: I think there is an overlapping of session in my application. Technically it's an overlapping of sessions in the browser. Different browsers handle these things differently; in general tabbed browsing will share a single session. That's not a framework issue; if you want to support it you'll probably have to do something tricky, but maybe someone here already has a solution. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Re: Session management when using IE 7
You may want to add support for conversation scope to your application so that objects stored in session scope doesn't get mixed up. 2008/7/28, Dave Newton [EMAIL PROTECTED]: --- On Mon, 7/28/08, OTA_DZ [EMAIL PROTECTED] wrote: I think there is an overlapping of session in my application. Technically it's an overlapping of sessions in the browser. Different browsers handle these things differently; in general tabbed browsing will share a single session. That's not a framework issue; if you want to support it you'll probably have to do something tricky, but maybe someone here already has a solution. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session Management
All, I have couple of questions while designing a web app using struts. My application uses Httpsession variables. 1. How do we handle a user from opening duplicate sessions ? Like if a user is already logged in, if he/she tries to login again, system should mention that user is already logegd in. How do we do that ? 2. Also, back buttons. Back buttons shoudlnt display anything [like no data] should appear when user clicks back button How to handle these two situations ? Need suggestions. Thanks, Maya - Don't be flakey. Get Yahoo! Mail for Mobile and always stay connected to friends.
RE: Session Management
maya, Once a user is logged in session variables are set and your user interface should not display login option...but if you hit back button on browser you will see login option in that case use saveToken now to allow duplicate form submission Back buttons display thing because form contains it you need to reset it Regards -Original Message- From: Maya menon [mailto:[EMAIL PROTECTED] Sent: 15 March 2007 16:43 To: user@struts.apache.org Subject: Session Management All, I have couple of questions while designing a web app using struts. My application uses Httpsession variables. 1. How do we handle a user from opening duplicate sessions ? Like if a user is already logged in, if he/she tries to login again, system should mention that user is already logegd in. How do we do that ? 2. Also, back buttons. Back buttons shoudlnt display anything [like no data] should appear when user clicks back button How to handle these two situations ? Need suggestions. Thanks, Maya - Don't be flakey. Get Yahoo! Mail for Mobile and always stay connected to friends. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
MS Word IE , struts and session management
Hi all, This has totally baffled me and I desperately need help but I have a link as follows that I have put in a Microsoft word document that calls my struts action to display the specified resource. This was tested to be the same with IE6 or IE7 so its not the browser version causing the issue before anyone ponders it. ( This link will work so you can see what I mean. Copy it into word and then ctrl+click link to open browser - MAKE SURE ALL BROWSERS CLOSED FIRST ) http://bream.oucs.ox.ac.uk:8080/AskClient/process_browseresource.ask?selecte ditem=f9675f3c-6c26-11db-8bda-df79a00f08cb,0,0 The struts process action takes the selecteditem from the form stores it in the session then client redirects using a forward as follows to the correct display action: forward name=resourcedetail path=/display_browseresource.ask redirect=true / The display action is suppose to then extract the selectitem from the session and display its data on the page but as you can see I currently display a demo page. You will see next to the tabs on the displayed page a res= and sessid= these represent the resourceID of the selecteditem in the session and your session ID. Both of these should show values. Now click home and notice that res=null and the sessid has changed. YES CHANGED. Somehow the session that was in the actions have changed when the JSP runs and hence there is no longer a resource ID in the session as it's a different one. It gets even more bizarre now: Now go back to word and click the link again keeping the browser open. Notice this time that res=null and sessid remains the same as it was when you selected the home page previously. I can tell you that behind the scenes the display_browseresource action gets called twice once with the initial session from word and then again with the proper browser session. This is why this time res=null as the JSP is run not with words session but the browsers one instead. * If you do not use word and paste that url into the browser the session ID remains fixed and fine whether browser open or not. * If you do not use word and paste that url into the XP Run the session ID remains fixed and fine whether browser open or not. This issue seems related to WORD. I'm totally stuck as because the session changes I have absolutely no way to display my data because the session that holds all the display info is lost when the JSP runs. Please help? Any ideas? I'm baffled? Regards Andy Foster - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session management
So you know when exactly 30 mins elapses? right.? immedietly after this you can invalidate the session right? Regards PH On 10/3/06, sowjanya chimmani [EMAIL PROTECTED] wrote: Hi All, In our webapplication (struts based) we are using Ajax code (as part of header in all jsp)which will hits the server for every 10 sec so every time session will be updated so it is not possible to maintain the session (sesstion will not expires though after the session time out value ) .Please can any one help me to mintain the session(iam setting the session time out value as 30 min) -- sowjanya
Re: session management
It is not clear what you are asking. Is the problem that - the session is not being maintained even when setting the timeout to 30 minutes - even after 1/2 hour the session does not timeout An observation, pinging the server every 10 seconds will create a lot of unnecessary work on the server. You can probably change it to a 30-50 second ping and set the session timeout to around a minute if you want to maintain the session. Since you are pinging the server regularly, as long as the user has a window up their session will never expire, even if they walk away or leave their computer on and browser window up all nite. An alternate solution would be to keep track of non-ping activity and terminate the user's session after n minutes of only ping activity, maybe redirect them to a idle too long screen without the AJAX ping when this occurs. An alternative approach would be to be able to re-establish the user's session if they happen to time out, but that is no small task. good luck, -ed On 10/3/06, sowjanya chimmani [EMAIL PROTECTED] wrote: Hi All, In our webapplication (struts based) we are using Ajax code (as part of header in all jsp)which will hits the server for every 10 sec so every time session will be updated so it is not possible to maintain the session (sesstion will not expires though after the session time out value ) .Please can any one help me to mintain the session(iam setting the session time out value as 30 min) -- sowjanya - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
session management
Hi All, In our webapplication (struts based) we are using Ajax code (as part of header in all jsp)which will hits the server for every 10 sec so every time session will be updated so it is not possible to maintain the session (sesstion will not expires though after the session time out value ) .Please can any one help me to mintain the session(iam setting the session time out value as 30 min) -- sowjanya
Session management
Hi All, Can some one help me in understanding the session management with struts? How to do this with struts? I tried doing it in all the actions, but am not sure what am doing wrong, it does not work. Can any body help me on this. Any links, sample codes etc would be of great help. Anil. Information transmitted by this e-mail is proprietary to Infinite Computer Solutions and / or its Customers and is intended for use only by the individual or the entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at [EMAIL PROTECTED] and delete this email from your records.
Re: Session Management Within Webapp 2 (jsessionid)s
I updated my processor and added the proper logic that Martin showed yesterday. And what I am seeing is as follows: 1) When the user clicks the site, I can watch the logs and it shows that the session.isNew() and so it redirects to index.jsp. 2) At that point the screen is showing, so the user clicks a link (non html style href) to go view a page. 3) When that page is submitted, I can see by the log, that it calls the ExtendedProcessor and once again, realizes that the session.isNew() and it once again calls the index.jsp page. 4) After that any link the user clicks works, but if you can see the pattern, the user must click two times before the session is established. I would like to have a better handle on why this occurs, or if there is a way I can ensure that this does not happen. It is ugly when the user has to click twice, to get rolling. Thanks for any advice. On 10/24/05, Martin Gainty [EMAIL PROTECTED] wrote: Dumb Question but I have to ask First from the doc for the method public boolean isNew()Returns true if the client does not yet know about the session or if the client chooses not to join the session. For example, if the server used only cookie-based sessions, and the client had disabled the use of cookies, then a session would be new on each request. Returns: true if the server has created a session, but the client has not yet joined Throws: IllegalStateException - if this method is called on an already invalidated session protected boolean processPreProcess(request, response) { protected boolean continuedProcessing = true; try { if (request.getSession()==null)||(request.getSession().isNew() ) { continueProcessing = false; response.sendredirect (/login.jsp); } //end if } //end try catch(IllegalStateException ill) { out.println(IllegalStateException has been thrown the exception is +ill.getMessage()); } return continueProcessing; } //end method a)are you checking to ensure the getSession is NOT NULL before the isNew test ? b)In this scenario is the session is null or session isNew then the method returns false are your returning true/false? c)are you catching the IllegalStateException ??? Anyone else ? M- - Original Message - From: Jim Reynolds [EMAIL PROTECTED] To: user@struts.apache.org Sent: Monday, October 24, 2005 10:57 AM Subject: Session Management Within Webapp 2 (jsessionid)s I have a project which I am working on. It does not have any type of form login. It is just a merchant-type site. When client hits the URL, the index.jsp calls a forward like so: logic:forward name=welcome / This of course sends the request to the struts-config.do. I extended the RequestProcessor to set up some session type beans that control the site. I only create the beans if the session.isNew() returns true. In the RequestProcessor, I can see the beans being created and set into the session. Finally the request is forward to a .jsp page from the original welcome.do call. On the jsp page, I have some tags, with links. Since I am using tags, I just used some normal html style links. Not html:link calls. When a user requests hits a link, and calls another xxx.do, the request goes back to the RequestProcessor, and it thinks the session.isNew(), and I end up creating all the session beans again. After that it works as it should, but I end up with 2 (jsessionid) cookies being created for each user? I am seeking advice, as to why this occured, and if this is normal behavior, or not-normal behavior. Upon researching the topic over the weekend, I was unable to find any threads, about this. Am I doing something wrong, or possibly a logic-flaw somewhere. Thanks, user@struts.apache.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session Management Within Webapp 2 (jsessionid)s
I have a project which I am working on. It does not have any type of form login. It is just a merchant-type site. When client hits the URL, the index.jsp calls a forward like so: logic:forward name=welcome / This of course sends the request to the struts-config.do. I extended the RequestProcessor to set up some session type beans that control the site. I only create the beans if the session.isNew() returns true. In the RequestProcessor, I can see the beans being created and set into the session. Finally the request is forward to a .jsp page from the original welcome.do call. On the jsp page, I have some tags, with links. Since I am using tags, I just used some normal html style links. Not html:link calls. When a user requests hits a link, and calls another xxx.do, the request goes back to the RequestProcessor, and it thinks the session.isNew(), and I end up creating all the session beans again. After that it works as it should, but I end up with 2 (jsessionid) cookies being created for each user? I am seeking advice, as to why this occured, and if this is normal behavior, or not-normal behavior. Upon researching the topic over the weekend, I was unable to find any threads, about this. Am I doing something wrong, or possibly a logic-flaw somewhere. Thanks, user@struts.apache.org
Re: Session Management Within Webapp 2 (jsessionid)s
Dumb Question but I have to ask First from the doc for the method public boolean isNew()Returns true if the client does not yet know about the session or if the client chooses not to join the session. For example, if the server used only cookie-based sessions, and the client had disabled the use of cookies, then a session would be new on each request. Returns: true if the server has created a session, but the client has not yet joined Throws: IllegalStateException - if this method is called on an already invalidated session protected boolean processPreProcess(request, response) { protected boolean continuedProcessing = true; try { if (request.getSession()==null)||(request.getSession().isNew() ) { continueProcessing = false; response.sendredirect(/login.jsp); } //end if } //end try catch(IllegalStateException ill) { out.println(IllegalStateException has been thrown the exception is +ill.getMessage()); } return continueProcessing; } //end method a)are you checking to ensure the getSession is NOT NULL before the isNew test ? b)In this scenario is the session is null or session isNew then the method returns false are your returning true/false? c)are you catching the IllegalStateException ??? Anyone else ? M- - Original Message - From: Jim Reynolds [EMAIL PROTECTED] To: user@struts.apache.org Sent: Monday, October 24, 2005 10:57 AM Subject: Session Management Within Webapp 2 (jsessionid)s I have a project which I am working on. It does not have any type of form login. It is just a merchant-type site. When client hits the URL, the index.jsp calls a forward like so: logic:forward name=welcome / This of course sends the request to the struts-config.do. I extended the RequestProcessor to set up some session type beans that control the site. I only create the beans if the session.isNew() returns true. In the RequestProcessor, I can see the beans being created and set into the session. Finally the request is forward to a .jsp page from the original welcome.do call. On the jsp page, I have some tags, with links. Since I am using tags, I just used some normal html style links. Not html:link calls. When a user requests hits a link, and calls another xxx.do, the request goes back to the RequestProcessor, and it thinks the session.isNew(), and I end up creating all the session beans again. After that it works as it should, but I end up with 2 (jsessionid) cookies being created for each user? I am seeking advice, as to why this occured, and if this is normal behavior, or not-normal behavior. Upon researching the topic over the weekend, I was unable to find any threads, about this. Am I doing something wrong, or possibly a logic-flaw somewhere. Thanks, user@struts.apache.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Newbie Question : Session Management without cookies
Sorry, have I missed something - where is the need to rewrite the URL yourself? Java/Struts session management uses a cookie, when supported by the browser, otherwise a jsession id is appended to the URL and this is done automatically with the need to manually rewrite the URL yourself (thank goodness!) For the different implementation methods, this has been covered before - http://www.mail-archive.com/struts-user@jakarta.apache.org/msg24504.html This used to be in the Struts FAQ I think. Andy. -Original Message- From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: 29 May 2005 20:46 To: Struts Users Mailing List Subject: Re: Newbie Question : Session Management without cookies Mark- Have you looked at mod_rewrite? http://httpd.apache.org/docs-2.0/misc/rewriteguide.html Viel Gluck, Martin- - Original Message - From: Mark Breitner [EMAIL PROTECTED] To: Struts Users Mailing List user@struts.apache.org Sent: Sunday, May 29, 2005 1:52 PM Subject: Re: Newbie Question : Session Management without cookies Hi - thanks for your answer. I am looking for a way to let strtuts automatically rewrite the urls. But in the book I am reading right now I can´t find any hint on how to do this. Can you tell me how to rewrite the urls, so that user / pwd are send with ? Bye, Mark Breitner --- Ursprüngliche Nachricht --- Von: Dave Newton [EMAIL PROTECTED] An: Struts Users Mailing List user@struts.apache.org Betreff: Re: Newbie Question : Session Management without cookies Datum: Fri, 27 May 2005 11:12:59 -0400 Nils Liebelt wrote: Have a look at J2ee Specs first. So you get an idea of the session concept. -Original Message- From: Mark Breitner [mailto:[EMAIL PROTECTED] Sent: Friday, May 27, 2005 4:34 PM Subject: Newbie Question : Session Management without cookies I just started with struts and wanted to implement an application that is able to do session management (f.e. user + password) even if the user has turned cookies off. what is the best way to do this ? Also look at URL rewriting, which Struts supports. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie! Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie Question : Session Management without cookies
Hi - thanks for your answer. I am looking for a way to let strtuts automatically rewrite the urls. But in the book I am reading right now I can´t find any hint on how to do this. Can you tell me how to rewrite the urls, so that user / pwd are send with ? Bye, Mark Breitner --- Ursprüngliche Nachricht --- Von: Dave Newton [EMAIL PROTECTED] An: Struts Users Mailing List user@struts.apache.org Betreff: Re: Newbie Question : Session Management without cookies Datum: Fri, 27 May 2005 11:12:59 -0400 Nils Liebelt wrote: Have a look at J2ee Specs first. So you get an idea of the session concept. -Original Message- From: Mark Breitner [mailto:[EMAIL PROTECTED] Sent: Friday, May 27, 2005 4:34 PM Subject: Newbie Question : Session Management without cookies I just started with struts and wanted to implement an application that is able to do session management (f.e. user + password) even if the user has turned cookies off. what is the best way to do this ? Also look at URL rewriting, which Struts supports. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie! Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie Question : Session Management without cookies
Mark- Have you looked at mod_rewrite? http://httpd.apache.org/docs-2.0/misc/rewriteguide.html Viel Gluck, Martin- - Original Message - From: Mark Breitner [EMAIL PROTECTED] To: Struts Users Mailing List user@struts.apache.org Sent: Sunday, May 29, 2005 1:52 PM Subject: Re: Newbie Question : Session Management without cookies Hi - thanks for your answer. I am looking for a way to let strtuts automatically rewrite the urls. But in the book I am reading right now I can´t find any hint on how to do this. Can you tell me how to rewrite the urls, so that user / pwd are send with ? Bye, Mark Breitner --- Ursprüngliche Nachricht --- Von: Dave Newton [EMAIL PROTECTED] An: Struts Users Mailing List user@struts.apache.org Betreff: Re: Newbie Question : Session Management without cookies Datum: Fri, 27 May 2005 11:12:59 -0400 Nils Liebelt wrote: Have a look at J2ee Specs first. So you get an idea of the session concept. -Original Message- From: Mark Breitner [mailto:[EMAIL PROTECTED] Sent: Friday, May 27, 2005 4:34 PM Subject: Newbie Question : Session Management without cookies I just started with struts and wanted to implement an application that is able to do session management (f.e. user + password) even if the user has turned cookies off. what is the best way to do this ? Also look at URL rewriting, which Struts supports. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie! Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Newbie Question : Session Management without cookies
Hello, I just started with struts and wanted to implement an application that is able to do session management (f.e. user + password) even if the user has turned cookies off. what is the best way to do this ? With kind regards Mark Breitner -- Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie! Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Newbie Question : Session Management without cookies
Hi Mark, Have a look at J2ee Specs first. So you get an idea of the session concept. Regards, Nils -Original Message- From: Mark Breitner [mailto:[EMAIL PROTECTED] Sent: Friday, May 27, 2005 4:34 PM To: user@struts.apache.org Subject: Newbie Question : Session Management without cookies Hello, I just started with struts and wanted to implement an application that is able to do session management (f.e. user + password) even if the user has turned cookies off. what is the best way to do this ? With kind regards Mark Breitner -- Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie! Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Newbie Question : Session Management without cookies
Hi Mark, Have a look at J2ee Specs first. So you get an idea of the session concept. Regards, Nils -Original Message- From: Mark Breitner [mailto:[EMAIL PROTECTED] Sent: Friday, May 27, 2005 4:34 PM To: user@struts.apache.org Subject: Newbie Question : Session Management without cookies Hello, I just started with struts and wanted to implement an application that is able to do session management (f.e. user + password) even if the user has turned cookies off. what is the best way to do this ? With kind regards Mark Breitner -- Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie! Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie Question : Session Management without cookies
Nils Liebelt wrote: Have a look at J2ee Specs first. So you get an idea of the session concept. -Original Message- From: Mark Breitner [mailto:[EMAIL PROTECTED] Sent: Friday, May 27, 2005 4:34 PM Subject: Newbie Question : Session Management without cookies I just started with struts and wanted to implement an application that is able to do session management (f.e. user + password) even if the user has turned cookies off. what is the best way to do this ? Also look at URL rewriting, which Struts supports. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems with Opera, Struts and Session Management?
I probably should have added that in my ForwardAction I convert a path from the ActionMapping so that users can be allocated a particular look and feel that they have chosen on the website. The line that is related to the Opera failure is: return new ActionForward(layout1.layout + _ + path); With Opera, the Layout object referenced as layout1 here is not set in the session on my index page. This difficulty is overcome by putting code in to log that the Layout object has been put into the session. That mystifies me. Any demystification chiefs on this one? Michael McGrady At 06:52 AM 5/28/2004, Michael McGrady wrote: I have no difficulty running my site with Netscape or IE but Opera fails. Here is the readout I get: javax.servlet.ServletException org.apache.struts.action.RequestProcessor.processException(RequestProcessor.java:545) org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:486) org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) javax.servlet.http.HttpServlet.service(HttpServlet.java:743) javax.servlet.http.HttpServlet.service(HttpServlet.java:856) root cause java.lang.NullPointerException com.crackwillow.struts.action.ForwardAction.execute(ForwardAction.java:30) org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484) org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) javax.servlet.http.HttpServlet.service(HttpServlet.java:743) javax.servlet.http.HttpServlet.service(HttpServlet.java:856) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems with Opera, Struts and Session Management?
Michael McGrady wrote: I probably should have added that in my ForwardAction I convert a path from the ActionMapping so that users can be allocated a particular look and feel that they have chosen on the website. The line that is related to the Opera failure is: return new ActionForward(layout1.layout + _ + path); With Opera, the Layout object referenced as layout1 here is not set in the session on my index page. This difficulty is overcome by putting code in to log that the Layout object has been put into the session. That mystifies me. Any demystification chiefs on this one? I'm still a bit confused. I'm guessing the NPE is coming from not being able to find the forward created by the layout1.layout + _ + path section? Setting it up like: String forwardName = layout1.layout + _ + path; log.debug( forwardname ); return new ActionForward( forwardName ); I'd be curious if that forwardName looks the same under all situations? Are you sure you are following the exact same steps for each browser after bouning the server? In otherwords, maybe you aren't getting the NPE on netscape/IE because you are having layout1.layout set into Session scope at some other point that you aren't doing when testing with Opera? Using Session vars for this seems a bit odd anyway. Could you avoid using layout1.layout as Session attribute? -- Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems with Opera, Struts and Session Management?
No, this is not correct, Rick. The null pointer is for the reference to the Layout object in the session, which in fact is there. When I have the index page check to see if the object is there, Opera does not have a problem on OTHER pages. Odd? It is as if the placement of that object in the session does not happen with Opera unless you check that it has happened. BUT THAT IS ABSURD. Opera has no knowledge of any of this. RIght? Michael At 07:50 AM 5/28/2004, Rick Reumann wrote: Michael McGrady wrote: I probably should have added that in my ForwardAction I convert a path from the ActionMapping so that users can be allocated a particular look and feel that they have chosen on the website. The line that is related to the Opera failure is: return new ActionForward(layout1.layout + _ + path); With Opera, the Layout object referenced as layout1 here is not set in the session on my index page. This difficulty is overcome by putting code in to log that the Layout object has been put into the session. That mystifies me. Any demystification chiefs on this one? I'm still a bit confused. I'm guessing the NPE is coming from not being able to find the forward created by the layout1.layout + _ + path section? Setting it up like: String forwardName = layout1.layout + _ + path; log.debug( forwardname ); return new ActionForward( forwardName ); I'd be curious if that forwardName looks the same under all situations? Are you sure you are following the exact same steps for each browser after bouning the server? In otherwords, maybe you aren't getting the NPE on netscape/IE because you are having layout1.layout set into Session scope at some other point that you aren't doing when testing with Opera? Using Session vars for this seems a bit odd anyway. Could you avoid using layout1.layout as Session attribute? -- Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems with Opera, Struts and Session Management?
Michael McGrady wrote: No, this is not correct, Rick. The null pointer is for the reference to the Layout object in the session, which in fact is there. When I have the index page check to see if the object is there, Opera does not have a problem on OTHER pages. Odd? It is as if the placement of that object in the session does not happen with Opera unless you check that it has happened. BUT THAT IS ABSURD. Opera has no knowledge of any of this. RIght? If you are sure you haven't changed some cookie settings and you aren't spawning a new window, then my guess is there will be a way to duplicate the exact same problem in IE/Netscape/Mozilla. I don't get what you mean by: The null pointer is for the reference to the Layout object in the session, which in fact is there. The above would have nothing to do with a browser and is impossible, unless you think you are refering to the same Session but you are not. In other words, you are setting something in Session scope and then later on you do some stuff which somehow spawns a new Session. To say you are getting a null pointer for a reference to an object that really is there in Session is impossible:) In other words if you do Object obj = session.getAttribute(someOjbect); and obj is null then there is no way someObject is refering to a handle to an object in this session. -- Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems with Opera, Struts and Session Management?
Heh, Rick, I said it was impossible first. I agree with everything you say and I know the computer is always right. But, this is what I see and I have reported it accurately, I think. Regarding what you did not know I meant. I thought I explained it but I will try again, and try to do better. I provide different look and feels to different clients. They choose. Thus, my urls are modified so that I can have a constant url in the struts-conf.xml under, e.g. input for the action mapping, and a variable one in the tiles.xml. Thus, I have to have between the struts xml and the tiles xml readings a way of converting. I do this with a Layout object that is spawned from the ServletContext and placed in the session on the index.jsp page. This is the object that is showing null in Opera but is not null in IE or Netscape and I have checked to make sure that it is there. This should not, I know, affect Opera. But, these are the facts and all the facts I know. The fact is I don't have trouble with IE and Netscape and I do with Opera. Here is the code that Opera seems (in impossible terms) to conflict with and is in my index.jsp page which merely FORWARDS to another page: session.setAttribute(SiteConstant.LAYOUT,session.getServletContext().getAttribute(SiteConstant.LAYOUT)); The FORWARD is logic:forward name='%= indexUrl %'/ where String indexUrl = layout + _index; and where layout is presently hardcoded for these tests. When the session gets to indexUrl, with Opera sometimes the session does not have the default layout object in the session. I can cure this in Opera by having the index.jsp FORWARD page contain the following code: At 11:54 AM 5/28/2004, Rick Reumann wrote: Michael McGrady wrote: No, this is not correct, Rick. The null pointer is for the reference to the Layout object in the session, which in fact is there. When I have the index page check to see if the object is there, Opera does not have a problem on OTHER pages. Odd? It is as if the placement of that object in the session does not happen with Opera unless you check that it has happened. BUT THAT IS ABSURD. Opera has no knowledge of any of this. RIght? If you are sure you haven't changed some cookie settings and you aren't spawning a new window, then my guess is there will be a way to duplicate the exact same problem in IE/Netscape/Mozilla. I don't get what you mean by: The null pointer is for the reference to the Layout object in the session, which in fact is there. The above would have nothing to do with a browser and is impossible, unless you think you are refering to the same Session but you are not. In other words, you are setting something in Session scope and then later on you do some stuff which somehow spawns a new Session. To say you are getting a null pointer for a reference to an object that really is there in Session is impossible:) In other words if you do Object obj = session.getAttribute(someOjbect); and obj is null then there is no way someObject is refering to a handle to an object in this session. -- Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems with Opera, Struts and Session Management?
This is an excellent suggestion. I tried hard coding the value that layout1.layout should be giving and everything worked. I also tried testing to see if layout1 was null, and it was. Since layout1.layout is a value I want to use throughout the session, always, and is a value that is only used in the session, it seems that the session is the proper place to put this value. I am setting the value of the default layout in application scope with a plugin. Then, I am putting that value into a session Layout when people come on board. They can then choose their own layout later, or their host can have prefigured the Layout for them. The same site has multiple hosts with their own guests. Michael At 07:50 AM 5/28/2004, Rick Reumann wrote: Michael McGrady wrote: I probably should have added that in my ForwardAction I convert a path from the ActionMapping so that users can be allocated a particular look and feel that they have chosen on the website. The line that is related to the Opera failure is: return new ActionForward(layout1.layout + _ + path); With Opera, the Layout object referenced as layout1 here is not set in the session on my index page. This difficulty is overcome by putting code in to log that the Layout object has been put into the session. That mystifies me. Any demystification chiefs on this one? I'm still a bit confused. I'm guessing the NPE is coming from not being able to find the forward created by the layout1.layout + _ + path section? Setting it up like: String forwardName = layout1.layout + _ + path; log.debug( forwardname ); return new ActionForward( forwardName ); I'd be curious if that forwardName looks the same under all situations? Are you sure you are following the exact same steps for each browser after bouning the server? In otherwords, maybe you aren't getting the NPE on netscape/IE because you are having layout1.layout set into Session scope at some other point that you aren't doing when testing with Opera? Using Session vars for this seems a bit odd anyway. Could you avoid using layout1.layout as Session attribute? -- Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]