> Hi Bob, > > Thanks for your answer! > > Well, I agree that the refered field in the database would fit perfectly > in the case of having more than one instance of Tomcat handling requests, > but why can't it be used for the "local" session handling as well? > > > About what you wrote: "Once a session is marked invalid, my understanding > is that it only exists for the remaining scope of the page that marked it > invalid.". In my case I am not invalidating the session in any page, the > session is timed out by tomcat. And I had a simple test page in an > environment with a timeout for the session set to a low value (3 minutes).
ok... a session is said to be "invalid" when marked invalid (by calling session.invalidate() ) by a Servlet or JSP page. When a session is expired, it is also marked invalid, but it is immediately removed from being accessible. So the only time your code should be able to manipulate a Session it should be in the valid state unless your code explicitly marks it as invalid. So writting an expired/invalidated session to the store would be pointless because it is just about to be thrown away. > If I follow what tomcat is doing, these are the steps: > > 1 - The session is backed up to the database (I set the value maxIdleBackup="10") >after nearly 10 seconds of inactivity. > 2 - In my jsp page I check the methods session.isNew() = false, >request.isRequestedSessionIdValid() = true. This would be the expected > behavior. > 3 - After the session is timed out by tomcat (I simply take no action > during 3 minutes), it is removed from the database. > 4 - I try again to acess the same JSP page and the methods return session.isNew() = >true and request.isRequestedSessionIdValid() = false. > This would also be ok except for the fact that I have a NEW value for the > sessionID. Yea, this seems correct. Your old session times out after 3 minutes and is disposed. Your browswer then connects and is assigned a new sesstion. The old session was marked invalid for probably a few miliseconds and then disposed of (or recycled.) > With this behavior it is impossible to find out if I have a new > session or an expired one. Maybe I am missing something here, but my > idea was to redirect the user to a page telling him something like: > "hi my friend, please login again because your session has > expired". With the current implementation I am finding no solution > to this. You have a new session. because request.isRequestedSessionIdValid() = false, you know an older session is no longer available. To detect and handle a new/previously logged in user, You could do something like this on your page, if (session.isNew() && request.isRequestedSessionIdValid() == false ) { response.sendRedirect("/relogin.jsp"); } You should also do something to ensures your session (new or otherwise) is cooked the way you want it, like if( session.getAttribute("username") == null) { reponse.sendRedirect("/pleaseLogin.jsp"); } or some such. Cheers, -bob > Cheers, > Daniel > > > > > > [EMAIL PROTECTED] > 24.06.2002 18:17 > Please respond to "Tomcat Developers List" > > > To: [EMAIL PROTECTED] > cc: > Subject: Re: JDBCStore implementation > > > > > > > > Hello everyone, > > > > I am writing about an issue on invalidation of sessions. > > In the current implementation, a session is deleted from the Database > when > > it is invalidated. Is this really the behavior expected? > > I have been looking over the code some, and I think that behavior is > correct. I think the DB schema was written with the thinking that > that field may some day be useful when more than one instance of > Tomcat is handling requests. > > > I mean, if there is an attribute to specify if a session is valid or > not, > > a session that is invalidated should have this attribute reset instead > of > > being deleted, isn't it? If this is not true, it is not possible to see > > difference between a session that is not valid anymore and a new one. > > Once a session is marked invalid, my understanding is that it only > exists for the remaining scope of the page that marked it invalid. > > I think if you have a page with 2 frames in it, and one of the > frames marks the session as invalid, the other frame might get; > > * a valid session until it is marked invalid by the other page > or > * a new session > > depending on the race condition of the browser and webserver loading > both frames. > > Cheers, > -bob > > > > Can anyone tell me something about the plans for the implementation of > > this feature? > > > > Cheers, > > Daniel > > > > > > > > -- > > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > Cheers, > -bob > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > Cheers, -bob -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>