d d wrote:
I am working on a struts web application with oracle as back end.I use tomcat. I am using filter so that if user has not logged in he cannot access any of the pages.I have a problem for logging.. I login into my application..Use the application..Now if suddenly i close Tomcat Server.. and restart it ..and refresh my old page..it continues to work. This perticularly happens if there is a action in url.. e.g address bar has. "http/localhost:8080/web/app/ss.do" and the server is restarted, filter does not work..and page continues to flow. and if address bar contains "http/....../ss.jsp" filter works and user is forced to login. I havent judged the exact problem yet .Can anyone help me?
How are you performing authentication? If you're using HTTP Basic authentication, a restart of Tomcat wont clear the user's credentials from the browser so subsequent requests will continue to authenticate as you're seeing. Alternatively, if you're relying on data stored in the session to determine if the session has been authenticated, you may see this as a result of sessions being serialized to disk on Tomcat shutdown and reloaded on subsequent requests.
In other words, without knowing more about your authentication scheme it's impossible to say if this behaviour is 'wrong' or not. Perhaps you could post the filter code you're using?
L. -- Laurie Harper Open Source advocate, Java geek: http://www.holoweb.net/laurie Founder, Zotech Software: http://www.zotechsoftware.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
