Hi,
I am developing a Struts 1.1 based application to be deployed in Web
Sphere Application Server 5.1. There is no login page in the application,
but I nee d to make sure that valid session exists with each request and
session should be created only once at one place. So I have a subclass the
extends TilesRequestProcessor class. Inside my subclass, in the method
processPreprocess(), I have added the following code:
HttpSession session = request.getSession(false);
if(session != null){
if(session.isNew()){
//It is a new session. So request should from first page of
the application.
}else{
//It is an old session. Make sure it is valid session
UserObject userObject =
(UserObject)session.getAttribute("USER_OBJECT");
if(userObject != null){
//continue the folloe
}else{
//Stop the flow and show home page.
}
}
}else {
//there is no session, so create one here
session = request.getSession(true);
}
My questions are:
1. How to make sure that ActionServlet doesn't create any session using
request.getSession(true) before the Request Processor class is classed.
2. How can I use request.isRequestedSessionIdValid() to make sure that
client has already accepted the current session.
3. How Struts handles the Session tracking mechanism: Cookie, URL
Rewriting. On my Websphere Test Server, I have enabled both. So this way I
found that if cookie is disabled on my browser, it automatically adds a
jsessionid to URLs.
4. What is the best to way to handle HttpSession creation and
invalidation when Using Struts.
5. Does Struts support Session tracking or do we need to depend on web
container settings (Websphere, WebLogic)
Thanks
Shyamsunder
