Hello Session, See replies in context below -
> -----Original Message----- > From: Session Mwamufiya [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 26, 2007 11:58 PM > To: 'Struts Users Mailing List' > Subject: Struts 2 Login example using a session > > Hi, > > I tried to follow the simple login example at > http://struts.apache.org/2.x/docs/simplelogin-with-session.html, but there are many > things that I don't get: > - first, it's written for webworks, not struts 2, are there any compatibility issues between the two? I read that page and I would say that other than using <s: instead of <ww:, there are not any compatibility issues (and that isn't a real issue, one more of style). > - second, the session is never set with a timeout attribute, how do we actually enforce a timeout? The session timeout period is controlled by the app server as far as I know. For instance, I have the following using Tomcat4 - <session-config> <session-timeout>480</session-timeout> </session-config> > - third, do we need to include a line like <jsp:include page="WEB-INF/inc/loginCheck.jsp" /> at the > beginning of every jsp file in our web app to check whether the user is still logged in; or is there > a more general way of ensuring that. I took a different approach than the authors of that page (and may update the wiki with my code if people feel it is appropriate. First off, I created a global result named "login" in a global package. When this result is encountered, it redirects to the Login action. Next, I created a class that implemented SessionAware and put all of the login logic in that class. Every action that needs to enforce a login inherits from that class. With my way, you can avoid includes... If I don't want to inherit from that "Authenticated" action, I can create a custom tag with the same logic (check the session for a user object, if not there, redirect to the Login action). Thanks, Session A. Mwamufiya Carnegie Mellon University MBA | Tepper School of Business MSE (software eng.) | School of Computer Science T: (412) 508-5455 | [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]