Hi All,
Well I seem to have solved my problem. I created a new version of
org.apache.turbine.modules.actions.sessionvalidator.SessionValidator
that implemented the following method
public boolean requiresNewSession(RunData data)
{
return false;
}
thus allowing my phone to access the LogScreen without being forced to
supply a cookie.
I'd be interested to know what the logic behind the SessionValidator is,
and if I am creating a security hole my modifying the SessionValidator
in this way.
CHEERS> SAM
Sam Joseph wrote:
>Hi there,
>
>I am using turbine in an application where a very thin client (a phone)
>needs to send log reports back to the server. I created a screen called
>LogScreen that could be accessed without needing to be logged in and
>would only pass back a minimal amount of response. Perfect for logging
>from the phone.
>
>However it still creates a session id, sets a cookie, which means that
>the HTTP needs to be resubmitted with the cookie. This is difficult for
>the phone to do. Does anybody know if there is a simple way I can stop
>turbine from creating a session/setting a cookie for LogScreen?
>
>Does the main turbine servlet automatically create a session for every
>incoming connection?
>
>Thanks in advance.
>
>CHEERS> SAM
>
>
>
>--
>To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>
>
>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
