Hi,
I looked at all the conditions in Craig's mail that you included.
* Actions will create a session for you automatically if you use
transaction tokens, or the getLocale()/setLocale() methods.
My BaseAction that my LoginAction extends has code like this.
protected void setLocale(
HttpServletRequest request,
Locale locale) {
HttpSession session = request.getSession(true);
session.setAttribute( Action.LOCALE_KEY,locale );
}
My login page expires after the session timeout period even before the user
logs in . So I thought that since a new session is already created (
according to the above mentioned point ) and I am using request.getSession()
( not request.getSession( true ) ) and the setLocale method it is normal for
the login page itself to expire.
Is that right ?
Mohan
-----Original Message-----
From: Heligon Sandra [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 06, 2003 2:55 PM
To: 'Struts Users Mailing List'
Subject: RE: Association between Session object and Cookies/URL
rewriting
I well understand now that Sessions (object on the web server) are
used either cookies or URL writing (in the client side).
In the struts application I have to make changes if I want to
use URL rewriting.
But what I still do not understand (I am sorry to be also insistent) is
why/or how each user will have a own unique sessionID ?.
How a user is identified?
What distinguish a client from an other client ?
Is the user NT account ?
Perhaps a client is not a "physical" person but an instance of Web browser ,
is this as that which should be heard it ?
Mohan, could you explain me "I am using setLocale in the base action".
I don't understand well what setLocale allows?
-----------------------------------------------------------
As of February 12, 2003 Thomson unifies its email addresses on a worldwide
basis.Please note my new email address: [EMAIL PROTECTED]
Thomson is the leader in solutions and technologies for the entertainment
and media industries and serves its customers under its four strategic
brands: Technicolor, Grass Valley, RCA and THOMSON.
More about Thomson: http://www.thomson.net/videochain
----Original Message-----
From: Andrew Hill [mailto:[EMAIL PROTECTED]
Sent: 06 March 2003 10:07
To: Struts Users Mailing List
Subject: RE: Association between Session object and Cookies/URL
rewriting
HttpSession is a seperate matter from authentication as far as the container
is concerned, in as much as session tracking operates to associate requests
with a particular client. The way it does this is by allocated a session
id - which the client submits with each request.
There are two ways that this id can be submitted.
The first (and I believe the default) is to make use of cookies. If the
container is giving the client a session and the client has cookies enabled,
the container will return to the client a cookie that contains the session
id, and the client borwser submits this with its requests allowing the
container to identify which session the request belongs to. This mechanism
works almost transparently both to the user and the developer.
The second way - url rewriting - operates when cookies are disabled on the
client (and it is considered best practise to allow for this possibility as
a lot of users are getting paranoid about cookies these days). This involves
all links that are displayed in the browser including the session id as part
of the url - so you will see urls of the form:
http://www.mystery-machine.com/shaggy/scooby.do;jsessionid=4878D95252DE47FDC
39E69070F49F397
Obviously for the links to contain the session id the developer has to do a
bit more work - basically requiring all links to pages/actions participating
in that session to be 'rewritten'. The struts <html:link> tag will do this
for any links you render with it automatically, - I presume the <html:form>
tag will also do it for its action (I dont use jsp so arent entirely sure
but it would seem logical).
If you need to do it yourself somewhere the servlet apis HttpServletResponse
also supplies an encodeUrl() method that when passed a string containing a
plain url will add the session id if necessary and return the encoded url
string to you.
-----Original Message-----
From: Heligon Sandra [mailto:[EMAIL PROTECTED]
Sent: Thursday, 6 March 2003 16:41
To: 'Struts Users Mailing List'
Subject: RE: Association between Session object and Cookies/URL
rewriting
Importance: High
Tomcat is responsible of the cookie creation but it is
the Struts Action Servlet that is responsible of the
session (HttpSession initialization) isn't it ?
A few months ago I had had a discussion with Craig and it had indicated
to me that a session was initialized in several cases:
* The controller servlet will create a session for you, if you
declare that your form bean is in session scope.
* The controller servlet will create a session for you, if you
configured the automatic locale recognition mechanism (the "locale"
servlet initialization parameter for 1.0, or the corresponding
attribute on the <controller> element for 1.1).
* Your application Action can create a session if it needs to, by
calling request.getSession().
* Actions will create a session for you automatically if you use
transaction tokens, or the getLocale()/setLocale() methods.
* JSP pages will create a session for you automatically unless you
explicitly tell them not to (<%@ page ... session="false" ... %>).
* The <html:html> tag will create a session for you automatically
if you use locale="true".
* The <html:form> tag will create a session for you automatically
if your form bean is in request scope, or if you are using
transaction tokens.
I don't understand how the controller distinguish a client X from a
client Y ? what parameter/information allow to identify a client ?
As I said yesterday in my application two clients have not the same
authentication information (userLogin and password).
If a client X enter the URL http::\\localhost:8080\MyAppli, when the
home page is displayed if the form is in the session an HttpSession is
created isn't it ? but the client has not yet given his userLogin and
password.
If a new browser is open on the same PC with the URL of the application
is a new HttpSession is created ?
Normally a new session must be created only if login information is
different
from the first client's browser. But on the Home page we do not have to
carry out
the Login action yet.
Do you understand my question ?
-----------------------------------------------------------
As of February 12, 2003 Thomson unifies its email addresses on a worldwide
basis.Please note my new email address: [EMAIL PROTECTED]
Thomson is the leader in solutions and technologies for the entertainment
and media industries and serves its customers under its four strategic
brands: Technicolor, Grass Valley, RCA and THOMSON.
More about Thomson: http://www.thomson.net/videochain
----Original Message-----
From: Nicolas De Loof [mailto:[EMAIL PROTECTED]
Sent: 05 March 2003 14:53
To: Struts Users Mailing List
Subject: Re: Association between Session object and Cookies/URL
rewriting
Struts doesn't create coockies, J2EE servlet container does (tomcat).
When you use "request.getSession()" in your code, J2EE server will a
coockie (or a request parameter if URL rewriting is used, see your
server config) to get the session ID.
If no ID is set, it will generate a new session ID and add a
"set-coockie" HTTP header in response.
New request from user browser will come to the server with a
"SESSIONID" coockie header, and request.getSession() implementation
will be able to find the session object from ID.
Read J2EE or Tomcat documentation to get more infos on sessions
(sessionid coockie, URL rewriting ...).
Nico.
>
> I don't understand very well how Struts manages session objects
> and why a sessionID is fixed for a user ?
> Session objects are stored on the web server (Tomcat in my case) and
> cookie saved on the disk allows to retrieve the HttpSession
> associated to
> a user.
> But I don't understand how the cookie is created and why is it
> associated
> to a client ?
> How Struts creates the session cookie ?
> I read that the cookie object is created when a user first loads a
> web page that
> is a part of the application.
> But at this stage what distinguishes a user X from a user Y ?
> In my application I distinguish two users with authentication
> information but when the first page is displayed the authentication
is not
> done.
> How Struts know that it is a new user and that it has to create a
> new HtppSession and a new cookie?
> Is a user (and so a cookie) associated to a user NT account ?
> I am not certain to have been rather clear
> Thanks in advance for your help.
> Sandra
>
>
>
>
> -----------------------------------------------------------
> As of February 12, 2003 Thomson unifies its email addresses on a
worldwide
> basis.Please note my new email address: [EMAIL PROTECTED]
>
> Thomson is the leader in solutions and technologies for the
entertainment
> and media industries and serves its customers under its four
strategic
> brands: Technicolor, Grass Valley, RCA and THOMSON.
> More about Thomson: http://www.thomson.net/videochain
>
>
> --------------------------------------------------------------------
-
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
