I guess that'd depend on the Tomcat version, but look at the documentation
on session persistence and clustering.
L.
d d wrote:
First of all thanks for replying...
Actually i am authenticating user based on session attribute. i.e if user name
is present in session.
As u said told abt 'sessions being serialized' can i know more about this..or
how can i avoid it??
Regards.
dd
On Fri, 19 Aug 2005 Laurie Harper wrote :
d d wrote:
I am working on a struts web application with oracle as back end.I use tomcat.
I am using filter so that if user has not logged in he cannot access any of the
pages.I have a problem for logging..
I login into my application..Use the application..Now if suddenly i close
Tomcat Server.. and restart it ..and refresh my old page..it continues to work.
This perticularly happens if there is a action in url..
e.g address bar has. "http/localhost:8080/web/app/ss.do" and the server is
restarted, filter does not work..and page continues to flow.
and if address bar contains "http/....../ss.jsp" filter works and user is
forced to login.
I havent judged the exact problem yet .Can anyone help me?
How are you performing authentication? If you're using HTTP Basic
authentication, a restart of Tomcat wont clear the user's credentials from the
browser so subsequent requests will continue to authenticate as you're seeing.
Alternatively, if you're relying on data stored in the session to determine if
the session has been authenticated, you may see this as a result of sessions
being serialized to disk on Tomcat shutdown and reloaded on subsequent requests.
In other words, without knowing more about your authentication scheme it's
impossible to say if this behaviour is 'wrong' or not. Perhaps you could post
the filter code you're using?
L.
-- Laurie Harper
Open Source advocate, Java geek: http://www.holoweb.net/laurie
Founder, Zotech Software: http://www.zotechsoftware.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Laurie Harper
Open Source advocate, Java geek: http://www.holoweb.net/laurie
Founder, Zotech Software: http://www.zotechsoftware.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]