Are you using HTTP BASIC authentication? If you get a login dialog box,
as opposed to a login web page, you are probably using HTTP BASIC
authentication. If so, the browser remembers the login and automatically
sends it to the app with each request, which will log the user in again
if they revisit
To: 'Struts Users Mailing List'
> Subject: RE: session.invaludate(); not working in LogoffAction
>
> i prefer to write my own RequestProcessor which does all the checking and
> handling in case of "user not logged in".
> and even more preferable is to implement
To: 'Struts Users Mailing List'
> Subject: RE: session.invaludate(); not working in LogoffAction
>
> i prefer to write my own RequestProcessor which does all the checking and
> handling in case of "user not logged in".
> and even more preferable is to implement
tribute that has been
store with "session.setAttribute(Constants.SESSION_LOGIN_REFER_KEY, url)"
hope that helps, feel free to ask more if something is unclear.
---
kr,
guenther
-Original Message-----
From: Leon Rosenberg [mailto:[EMAIL PROTECTED]
Sent: Monday, Mar
Graig will blame for not using Filters (they would do the job too), but I'd
say "yes":
Create a "BaseAction", all your actions are extending from, with:
public ActionForward execute(
ActionMapping mapping,
ActionForm bean,
HttpServletRequest
Graig will blame for not using Filters (they would do the job too), but I'd
say "yes":
Create a "BaseAction", all your actions are extending from, with:
public ActionForward execute(
ActionMapping mapping,
ActionForm bean,
HttpServletRequest
I think that you shouldn't just check for the existence of a Session,
you should check for a "user" Session attribute that you have set in
your own code. If you are invalidating the Session and this attribute
still exists afterward, I'd suggest something has gone awry . . .
And yes, I do it in
7 matches
Mail list logo
