hi! see inlined comments > >i could think of two ways: > >1. use "hidden fields" to set a field indicating that the user already had > >a session. > >-How would the login jsp (form-based logon) have access to this info? The >container stores the original url and parameters somewhere and then forwards >the user on to the login page for authentication, only after successful >authentication is the original url and parameters reinstated. This would >also involve modifying every submittable form and hyperlink with this param, >would it?
didn't know that; what about that: controller receives a request with attributes added indicating that the user actually has a session, but the session is invalid (or there is none) so the controller knows that the user must be forwarded to page saying that he needs to login again; if the value of the hidden field is missing, the controller knows that the user didn't log in before. > >2. use "url rewriting" in your app: if you get a request with an > >invalid(ed) session id, you know the session timed out. > can anybody please clarify the following??? >can anybody please clarify this: if a session timed out, the client doesn't >know anything about this, so it should send the session with the following >request, right? -mw ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
