I'm a bit puzzled. There is something not quite right here (or maybe I'm not quite understanding correctly). Aren't sessions created as soon as a JSP within a ServletContext is accessed, irrespective of whether the user authenticates or not? Thus invalid sessions vs anonymous sessions is not an either/or choice - a session can be both valid and authenticated, or both valid and anonymous. Is "invalid" the same as "expired"?
Also there seems to be a slight contradiction in what you say below, because if request.getSession returns null for an invalidated session, how can you then call isRequestedSessionIdValid() on an invalidated session without getting a NullPointerException? I realise that the method is not called on the session object directly, but surely it must access the session object at least indirectly?

> -----Original Message-----
> From: LAM Kwun Wa Joseph [mailto:[EMAIL PROTECTED]
> Sent: Wednesday 08 December 2004 11:23
> To: [EMAIL PROTECTED]
> Subject: RE: How to detect expired session vs. no session? (Solved)
>
> Confirmed that request.getSession(false)==null for both expired session
> requests and anonymous requests, if I have <%@ page session="false" %> in
> my pages.
>
> I just figured out the following, which works exactly as I wanted:
>
>     boolean hasSessionID =
>         (request.isRequestedSessionIdFromURL() ||
>          request.isRequestedSessionIdFromCookie());
>
>     if (hasSessionID && !request.isRequestedSessionIdValid()) {
>         // expired/invalidated session
>     }
>     else {
>         // no session at all
>     }
>
> > I haven't tested this, but I *think* that a request containing an
> > expired session will still return a non-null session object, but a
> > different instance to the one that would have been returned pre-timeout.
> > But I don't know that for a fact. Why not just test it out yourself,
> > it's not that hard, just shorten the timeout interval first so that you
> > don't have to wait 30 mins to do your test ;)
> >
> >> -----Original Message-----
> >> From: LAM Kwun Wa Joseph [mailto:[EMAIL PROTECTED]
> >> Sent: Wednesday 08 December 2004 09:35
> >> To: [EMAIL PROTECTED]
> >> Subject: RE: How to detect expired session vs. no session?
> >>
> >> But does it have the same effect for a request with an expired session vs
> >> a request with no session at all? I think it will return null in both
> >> cases.
> >>
> >> > If you call request.getSession(false) this will return null if the
> >> > request is not associated with a request already. The "false" param
> >> > turns off the default behaviour of creating a new session when none
> >> > exists.
> >> >
> >> >> -----Original Message-----
> >> >> From: LAM Kwun Wa Joseph [mailto:[EMAIL PROTECTED]
> >> >> Sent: Wednesday 08 December 2004 08:23
> >> >> To: [EMAIL PROTECTED]
> >> >> Subject: How to detect expired session vs. no session?
> >> >>
> >> >> Hi,
> >> >>
> >> >> How can I tell between a request using an expired session vs a request
> >> >> with no session at all? I need to show different messages to users being
> >> >> kicked due to inactivity and to anonymous users. Thanks!
> >> >>
> >> >> Regards,
> >> >> Joseph Lam

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
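The three cases discussed in this thread (no session ID sent, a stale ID, a live session), as an added example that is not part of the original messages: a servlet filter that classifies each request without ever creating a session. The class name, the enum and the attribute name are hypothetical, and the code assumes the `javax.servlet` API is on the classpath.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Added example: records each request's session state as a request attribute. */
public class SessionStateFilter implements Filter {

    /** Hypothetical names used only by this example. */
    public enum State { NO_SESSION, EXPIRED_OR_INVALID, ACTIVE }
    public static final String STATE_ATTR = "example.sessionState";

    static State classify(HttpServletRequest req) {
        // The ID the client sent (cookie or URL rewriting); null if it sent none.
        String presented = req.getRequestedSessionId();
        if (presented == null) {
            return State.NO_SESSION;
        }
        // This is asked of the request, not of an HttpSession object, so there is
        // nothing to dereference when the session is gone. It returns false when
        // the presented ID does not map to a live session in this context.
        if (!req.isRequestedSessionIdValid()) {
            return State.EXPIRED_OR_INVALID;
        }
        // getSession(false) never creates a session; null here means the session
        // was invalidated between the two calls.
        HttpSession session = req.getSession(false);
        return session != null ? State.ACTIVE : State.EXPIRED_OR_INVALID;
    }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            request.setAttribute(STATE_ATTR, classify((HttpServletRequest) request));
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

`EXPIRED_OR_INVALID` only means the client presented an ID the container does not recognise; it cannot tell a timeout from an explicit invalidation or from an ID the server never issued. Use it to choose which message to show, not as input to any authentication or trust decision.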
