----- Original Message -----
From: "Funkaster" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
> this will work for a logout... but what if the user is getting for the
> first time to the site? He won't have a session, so it'll be a no-valid
> session...
How it the case of logout different from the first time to the site?
In both the cases you may want to redirect them to the login page. And for
Login page you do not check if the user has a valid session. (one does not
need to be logged in to login .. )
A first time visitor is expected to try to go the login page. If he is
trying to access some other page, it is same as a logged out user trying to
access that page. Do you have some requirements which are different?
> I think the best solution will be to attach the user to the session the
> first time he logs in, then each time a request is made, check the user
> name (stored as a session parameter) and see if it has the right id. In
> the logout, the name is released from the session id, so if someones
> tries to connect with that user name, will have to re-login.
Do you put any other attributes in the session? They may cause problem as
the other attributes will be carried over to the new login. ( what if user A
logs in, logs out and then user B logs in without closing the browser ..)
Regds,
Gokul
>
> Mike
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
