-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Shyamsunder,
Reddy, Shyamsunder wrote: > 1. How to make sure that ActionServlet doesn't create any session using > request.getSession(true) before the Request Processor class is classed. I don't believe that Struts ever calls request.getSession(true). Are you having a problem with something? > 2. How can I use request.isRequestedSessionIdValid() to make sure that > client has already accepted the current session. I don't believe that this method can make any claims about the client's acceptance of the session. It simply means that the session id provided by the client does in fact match a currently valid session. > 3. How Struts handles the Session tracking mechanism: Cookie, URL > Rewriting. On my Websphere Test Server, I have enabled both. So this way I > found that if cookie is disabled on my browser, it automatically adds a > jsessionid to URLs. Struts does not deal with session tracking: it is done entirely by the contained (in your case, Websphere). Typically, a servlet container will prefer cookies but also fully-support URL rewriting. Typically, there's no need to use both cookies /and/ URL rewriting for a particular session. If the browser does not accept cookies, the server should fall-back to URL rewriting (assuming you have correctly encoded all of your outgoing URLs). > 4. What is the best to way to handle HttpSession creation and > invalidation when Using Struts. Struts does not provide any specific mechanisms for dealing with sessions. However, your container (Websphere) should have those kinds of capabilities (containers are required to support container-managed authentication and authorization using security settings in web.xml). > 5. Does Struts support Session tracking or do we need to depend on web > container settings (Websphere, WebLogic) You should rely on your servlet container for this type of thing. Struts /uses/ some of that stuff, but it is provided by your servlet container. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFyMOq9CaO5/Lv0PARAhu/AKCGtB2iVA5AtIV+HAn54eotlr83zwCfTazd g0sw3pooucJqFTNZWc35c58= =OQNT -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]