Jonathan Eric Miller wrote:
Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though?
I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session?
Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that:
0) HttpSession.isNew()==true .
1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs.
That way you may determine if that session is truly new or an expired one. It's just a guess.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
