, 2004 12:25 AM
Subject: Re: [HttpSession creation: When How]
When Tomcat intercepts an access to a protected resource and redirects to
your login form, it saves your initial request by attaching it to the
session object. If the login is successful, it retrieves the saved request
and redirects
Good evening.
My question is about HttpSession objects creation and destruction within a
Servlet/JSP container. I'm using the JBoss/Tomcat bundle (versions
3.2.3/4.1.29) with a database realm properly configured. Here's how things
work so far:
1. User goes to a predefined Welcome File
You can use the session.invalidate() if you need to before creating a
new session (I did not use this approach).
With my system, if the session exists we check for required elements
and place them there if they are missing. Every thirty minutes the
session automatically invalidates. At that
Yes, the session is created automagically when a servlet-served resource
is accessed (meaning things other than HTML, images, things like that).
JSPs and servlets in other words. I seem to remember a config switch
to turn this off, but that's how it generally works, and this is usually
how
You could put the following page directive on your login? .jsp page:
%@ page session=false %
David Stevenson
On Mon, 2004-11-29 at 20:35, Frank W. Zammetti wrote:
Yes, the session is created automagically when a servlet-served resource
is accessed (meaning things other than HTML, images,
When Tomcat intercepts an access to a protected resource and redirects
to your login form, it saves your initial request by attaching it to the
session object. If the login is successful, it retrieves the saved
request and redirects to it. If you don't have an active session, it
creates one to
