The filter sounds like a good way to do it. Thanks for the suggestion Craig and Sean.
If I explain what i'm using this for, I'd be opening up a whole can of worms. I'm not scared of worms, so I hope nobody else is. :) I'm working on a SSO solution that can carry a user's session across different websites. I'm in a very preliminary phase, but this is how i'm approaching it: —-------------------------------------- Scenario #1: User comes to website (www.ci.tigard.or.us) and logs in via a form. Upon successful login, a domain level cookie, (.ci.tigard.or.us) is passed to the client with a unique ID, kinda like the jsessionid. The domain cookie ID and the jsessionID are stored in a database along with some other data. A *User* object is stored in session. Scenario#2: Same user goes to a second site (police.ci.tigard.or.us). When user hits a secure page, security looks for the domain level cookie and grabs the ID, uses that ID to check the database for that ID. If the ID exists in the database, security assumes the user has already been logged so it loads up the data and authenticates/authorizes the user on the second website. It also adds a record to the database that relates the domain session ID to the jsessionID of the second website. Additional Info: There is a session listener that deletes all records from the database related to the domainID when a session ends. —--------------------------------------- So, I need to know the sessionLastAccessed value so i can update the database periodically. This is because the session listener will delete all domainID records in the database for a jsessionid that has expired. I don't want to delete any records if the user is still active on any of the websites that are part of this SSO scheme. I don't know how scalable this solution is, nor am I 100% sure this is the best way to do this but I have to start somewhere. I'm sure JUnit tests will answer my first question. :) so there are the worms, the can is now empty. - vic >>> [EMAIL PROTECTED] 02/10/03 12:46PM >>> The only trivial way that I can think of would be to put a filter on all requests. What are you going to use that information for? Maybe there is another way to accomplish what you're trying to do. Sean Dockery [EMAIL PROTECTED] Certified Java Web Component Developer Certified Delphi Programmer SBD Consultants http://www.sbdconsultants.com ----- Original Message ----- From: "Victor Soares" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, February 10, 2003 12:28 Subject: How to listen for Session LastAccessedTime Hello, I've been searching through the Javadocs to figure out how to listen for a session's LastAccessedTime but haven't been able to find anything. Seems like the HttpSessionAttributeListener is not notified when a session's LastAccessedTime is changed. Is there a way to listen for a session's LastAccessedTime? thanks, - vic --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
