I check for invalidated sessions (timeout) the following way:
if (! lRequest.isRequestedSessionIdValid() &&
lRequest.getRequestedSessionId() != null) {
log.debug("session expired");
} else {
log.debug("the normal way");
}
regards,
Veit
Asensio, Rodrigo schrieb:
> Hi guys, Im trying to reject users whose sessions was invalidated (in
> purpose because a logout or timeout)
> But I found that there is not logic combination in the session valid or
> invalid methods.
>
> Case 1
> First request
> Session.isNew() TRUE
> Request.isRequestedSessionIdValid() FALSE
>
> We can say that this is ok because you are still not authenticated.
>
> Case 2
> Session timeout
> Next request will be
> Session.isNew() TRUE because creates a new session
> Request.isRequestedSessionIdValid() FALSE
>
> The funny thing is if I request the session with create in false, it
> always returns an object
> Request.getSession(false) != null ALWAYS in this case.
>
> I have no way to verify if the session was invalidated by a timeout.
>
> I made a listener and put the invalid session in the DB but I have no
> way to identify because
> When a client comes back from a invalid session, it creates a new one.
>
> Do you know any way ?
>
>
> Thanks
> Rodrigo
>
>
>
>
> -------------------------------------------------------------------
> Rodrigo Asensio
> Fuel Management Services
> Gilbarco Veeder Root
> phone: +1 336 547 5023
> email: [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>
>
> (~'~~'~~'~~)
> | |
> | |
> | ~|~
> |-------())
> ( _)
> | |
> | |
> ''.. |
> |'..'---_/\
> / ''---|| /\
> / \ \\/\/
> | \ / \_/
> | \/\\ | \
>
>
> This message (including any attachments) contains confidential
> and/or proprietary information intended only for the addressee.
> Any unauthorized disclosure, copying, distribution or reliance on
> the contents of this information is strictly prohibited and may
> constitute a violation of law. If you are not the intended
> recipient, please notify the sender immediately by responding to
> this e-mail, and delete the message from your system. If you
> have any questions about this e-mail please notify the sender
> immediately.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
