-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shyamsunder,

Reddy, Shyamsunder wrote:
> 1.    How to make sure that ActionServlet doesn't create any session using
> request.getSession(true) before the Request Processor class is classed.

I don't believe that Struts ever calls request.getSession(true). Are you
having a problem with something?

> 2.    How can I use request.isRequestedSessionIdValid() to make sure that
> client has already accepted the current session.

I don't believe that this method can make any claims about the client's
acceptance of the session. It simply means that the session id provided
by the client does in fact match a currently valid session.

> 3.    How Struts handles the Session tracking mechanism: Cookie, URL
> Rewriting. On my Websphere Test Server, I have enabled both. So this way I
> found that if cookie is disabled on my browser, it automatically adds a
> jsessionid to URLs.

Struts does not deal with session tracking: it is done entirely by the
contained (in your case, Websphere). Typically, a servlet container will
prefer cookies but also fully-support URL rewriting. Typically, there's
no need to use both cookies /and/ URL rewriting for a particular
session. If the browser does not accept cookies, the server should
fall-back to URL rewriting (assuming you have correctly encoded all of
your outgoing URLs).

> 4.    What is the best to way to handle HttpSession creation and
> invalidation when Using Struts.

Struts does not provide any specific mechanisms for dealing with
sessions. However, your container (Websphere) should have those kinds of
capabilities (containers are required to support container-managed
authentication and authorization using security settings in web.xml).

> 5.    Does Struts support Session tracking or do we need to depend on web
> container settings (Websphere, WebLogic)

You should rely on your servlet container for this type of thing. Struts
/uses/ some of that stuff, but it is provided by your servlet container.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFyMOq9CaO5/Lv0PARAhu/AKCGtB2iVA5AtIV+HAn54eotlr83zwCfTazd
g0sw3pooucJqFTNZWc35c58=
=OQNT
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to