Excellent. This is exactly what I did recently while trying to make my
application both servlet-based and standalone. And for the standalone
application, the user session is persisted in a file.
> -----Original Message-----
> From: A mailing list for discussion about Sun Microsystem's Java
> Servlet API Technology. [mailto:[EMAIL PROTECTED]]On
> Behalf Of Nicholas Whitehead
> Sent: Friday, February 04, 2000 1:26 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Doubt about sessions...
>
>
> I have observed that different servlet engines treat
> sessions differently. Consequently, I have made it my
> best practice to not rely on them completely as has
> been done in the example in this thread.
>
> Far better, say I, to create a class like UserSession
> that implements HttpSessionBindingListener. When your
> user logs in, place a UserSession for that user in the
> session. When they log out, or are timed out, the
> UserSession will be removed. Make this your check
> point......
>
> //Nicholas
>
> --- "Mikhail A.Golovanov" <[EMAIL PROTECTED]> wrote:
> > 1. I do not know exactly but it seems that any GET or POST
> > from that previous user's page will be followed by the
> > creation of a new session (the session in the context of
> > which this page was issued is invalidated already, isn't it).
> >
> > 2. What prevents you from checking whether the requested
> > GET or POST is allowed for the user owning the session
> > No. 2? The servlet validates the session; you then
> > (in doGet/doPost) validate the action requested.
> >
> > > -----Original Message-----
> > > From: A mailing list for discussion about Sun Microsystem's Java Servlet
> > > API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Punam Chordia
> > > Sent: Thursday, February 03, 2000 6:09 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Doubt about sessions...
> > >
> > > Hi friends,
> > > I have a doubt regarding sessions.
> > > Initially I shall give a background of what I am trying to do.
> > > I have a system in which a user logs in and according to
> > > his priority a menu is displayed.
> > > Suppose a higher priority user performs the following steps:
> > > * logs in
> > > * performs some task
> > > * logs out.
> > > Now when he logs in I will create a new session for him.
> > > Say he has session ID 1.
> > > When he logs out, I will invalidate the session.
> > > Now IN THE SAME BROWSER WINDOW, another user logs in, who is of lesser
> > > priority than the previous user. Say he gets a session ID 2.
> > > He can use the back button of the browser to access the high priority
> > > user's screen and perform any functionality, as the servlet will just
> > > validate the session ID (2 is valid) and let the user perform the task.
> > > I don't want this to happen.
> > > Any pointers are most welcome.
> > >
> > > Regards,
> > >
> > > Punam Chordia
> > > ITL Infosys
> > > Pune Infotech Park
> > > 91-02139-32800 Extn. 2025
> >
> >
> > ___________________________________________________________________________
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > Resources: http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> >
>
> =====
> "Suzie, Suzie, Suzie, Suzie
> Suzie, Suzie Greenberg"
> Suzie Greenberg, Phish
>
> --
> Nicholas Whitehead
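
The two suggestions in this thread combined, as an added example that is not code from any of the posters: a UserSession implementing HttpSessionBindingListener as the login checkpoint, plus a per-action check in doGet. The class names, the "userSession" attribute key, the "action" parameter, the numeric priority field and the required-priority table are assumptions; it uses the Servlet 2.2+ attribute API and Java 9+ for Map.of.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.*;

// Hypothetical checkpoint object: bound to the session only while logged in.
class UserSession implements HttpSessionBindingListener {
    final String user;
    final int priority;              // assumption: higher number = more privilege
    private volatile boolean active;

    UserSession(String user, int priority) { this.user = user; this.priority = priority; }

    // Called by the container when login code stores this with setAttribute().
    public void valueBound(HttpSessionBindingEvent e) { active = true; }

    // Called on removeAttribute(), session.invalidate() (logout) or timeout.
    public void valueUnbound(HttpSessionBindingEvent e) { active = false; }

    boolean isActive() { return active; }
}

public class MenuServlet extends HttpServlet {
    // Assumed table: minimum priority required for each action.
    private static final Map<String, Integer> REQUIRED =
            Map.of("viewReport", 1, "approvePayment", 5);

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false);   // never create a session here
        Object o = (session == null) ? null : session.getAttribute("userSession");
        if (!(o instanceof UserSession) || !((UserSession) o).isActive()) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);   // not logged in
            return;
        }
        UserSession us = (UserSession) o;
        String action = req.getParameter("action");
        Integer needed = (action == null) ? null : REQUIRED.get(action);
        // A valid session is not enough: the requested action must be allowed
        // for the user who owns this session. Unknown actions are denied.
        if (needed == null || us.priority < needed) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setHeader("Cache-Control", "no-store");   // keep the page out of the Back-button cache
        resp.setContentType("text/plain");
        resp.getWriter().println(action + " performed for " + us.user);
    }
}
```

With this check, a request replayed from the previous user's page carries the new user's session and is rejected with 403 whenever the action needs a higher priority than that user has.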