> Hi Bob,
>
> Thanks for your answer!
>
> Well, I agree that the refered field in the database would fit perfectly
> in the case of having more than one instance of Tomcat handling requests,
> but why can't it be used for the "local" session handling as well?
>
>
> About what you wrote: "Once a session is marked invalid, my understanding
> is that it only exists for the remaining scope of the page that marked it
> invalid.". In my case I am not invalidating the session in any page, the
> session is timed out by tomcat. And I had a simple test page in an
> environment with a timeout for the session set to a low value (3 minutes).
ok... a session is said to be "invalid" when marked invalid (by
calling session.invalidate() ) by a Servlet or JSP page. When a
session is expired, it is also marked invalid, but it is immediately
removed from being accessible. So the only time your code should be
able to manipulate a Session it should be in the valid state unless
your code explicitly marks it as invalid.
So writting an expired/invalidated session to the store would be
pointless because it is just about to be thrown away.
> If I follow what tomcat is doing, these are the steps:
>
> 1 - The session is backed up to the database (I set the value maxIdleBackup="10")
>after nearly 10 seconds of inactivity.
> 2 - In my jsp page I check the methods session.isNew() = false,
>request.isRequestedSessionIdValid() = true. This would be the expected
> behavior.
> 3 - After the session is timed out by tomcat (I simply take no action
> during 3 minutes), it is removed from the database.
> 4 - I try again to acess the same JSP page and the methods return session.isNew() =
>true and request.isRequestedSessionIdValid() = false.
> This would also be ok except for the fact that I have a NEW value for the
> sessionID.
Yea, this seems correct. Your old session times out after 3 minutes
and is disposed. Your browswer then connects and is assigned a new
sesstion. The old session was marked invalid for probably a few
miliseconds and then disposed of (or recycled.)
> With this behavior it is impossible to find out if I have a new
> session or an expired one. Maybe I am missing something here, but my
> idea was to redirect the user to a page telling him something like:
> "hi my friend, please login again because your session has
> expired". With the current implementation I am finding no solution
> to this.
You have a new session. because request.isRequestedSessionIdValid() =
false, you know an older session is no longer available.
To detect and handle a new/previously logged in user, You could do
something like this on your page,
if (session.isNew() && request.isRequestedSessionIdValid() == false ) {
response.sendRedirect("/relogin.jsp");
}
You should also do something to ensures your session (new or
otherwise) is cooked the way you want it, like
if( session.getAttribute("username") == null) {
reponse.sendRedirect("/pleaseLogin.jsp");
}
or some such.
Cheers,
-bob
> Cheers,
> Daniel
>
>
>
>
>
> [EMAIL PROTECTED]
> 24.06.2002 18:17
> Please respond to "Tomcat Developers List"
>
>
> To: [EMAIL PROTECTED]
> cc:
> Subject: Re: JDBCStore implementation
>
>
>
>
>
>
> > Hello everyone,
> >
> > I am writing about an issue on invalidation of sessions.
> > In the current implementation, a session is deleted from the Database
> when
> > it is invalidated. Is this really the behavior expected?
>
> I have been looking over the code some, and I think that behavior is
> correct. I think the DB schema was written with the thinking that
> that field may some day be useful when more than one instance of
> Tomcat is handling requests.
>
> > I mean, if there is an attribute to specify if a session is valid or
> not,
> > a session that is invalidated should have this attribute reset instead
> of
> > being deleted, isn't it? If this is not true, it is not possible to see
> > difference between a session that is not valid anymore and a new one.
>
> Once a session is marked invalid, my understanding is that it only
> exists for the remaining scope of the page that marked it invalid.
>
> I think if you have a page with 2 frames in it, and one of the
> frames marks the session as invalid, the other frame might get;
>
> * a valid session until it is marked invalid by the other page
> or
> * a new session
>
> depending on the race condition of the browser and webserver loading
> both frames.
>
> Cheers,
> -bob
>
>
> > Can anyone tell me something about the plans for the implementation of
> > this feature?
> >
> > Cheers,
> > Daniel
> >
> >
> >
> > --
> > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> >
>
> Cheers,
> -bob
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>
>
>
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
Cheers,
-bob
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
