I saw that method and I read this.

Case brand new session
Session.getId() has some value
Request.getRequestedSessionId() is null because the browser is not
trying to reach some particular session

Case expired session
Session.getId() is different from Request.getRequestedSessionId()
because the browser is trying to reach a session that is no longer
available and the session.getSession() has
created a brand new session

In this case, for sure, your session has expired.

Is it so difficult to wrap these 2 methods in an isSessionExpired()?

Wtf!

Now, we also have to be aware of browser security settings.

Thanks !

-----Original Message-----
From: Veit Guna [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 18, 2006 2:28 PM
To: Tomcat Users List
Subject: Re: invalid sessions

I check for invalidated sessions (timeout) the following way:

if (!lRequest.isRequestedSessionIdValid()
        && lRequest.getRequestedSessionId() != null) {
    log.debug("session expired");
} else {
    log.debug("the normal way");
}

regards,
Veit



Asensio, Rodrigo schrieb:
> Hi guys, I'm trying to reject users whose sessions were invalidated (on
> purpose because of a logout or timeout). But I found that there is no
> logical combination in the session valid or invalid methods.
> 
> Case 1
> First request
> Session.isNew()  TRUE
> Request.isRequestedSessionIdValid() FALSE
> 
> We can say that this is ok because you are still not authenticated.
> 
> Case 2
> Session timeout
> Next request will be
> Session.isNew() TRUE   because creates a new session
> Request.isRequestedSessionIdValid() FALSE
> 
> The funny thing is if I request the session with create in false, it 
> always returns an object
> Request.getSession(false) != null ALWAYS in this case.
> 
> I have no way to verify if the session was invalidated by a timeout.
> 
> I made a listener and put the invalid session in the DB but I have no
> way to identify it because when a client comes back from an invalid
> session, it creates a new one.
> 
> Do you know any way ?
> 
> 
> Thanks
> Rodrigo
> 
> 
> 
> 
> -------------------------------------------------------------------
> Rodrigo Asensio
> Fuel Management Services
> Gilbarco Veeder Root
> phone: +1 336 547 5023
> email: [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>
>  
> 
> This message (including any attachments) contains confidential and/or
> proprietary information intended only for the addressee.
> Any unauthorized disclosure, copying, distribution or reliance on the
> contents of this information is strictly prohibited and may constitute
> a violation of law.  If you are not the intended recipient, please
> notify the sender immediately by responding to this e-mail, and delete
> the message from your system.  If you have any questions about this
> e-mail please notify the sender immediately.
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, 
> e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
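
The check discussed in this thread, as an added example that is not part of the original messages: a servlet filter that tells a first visit apart from a request carrying a session id the container no longer accepts. The class name, the `/login` path and the `reason` parameter are hypothetical; the code assumes the `javax.servlet` API (`jakarta.servlet` on newer containers).

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter (not from the thread): classifies each request by session state. */
public class SessionStateFilter implements Filter {

    enum State { NO_SESSION_REQUESTED, STALE_ID, ACTIVE }

    /** Uses only the two request methods discussed in the thread; never creates a session. */
    static State classify(HttpServletRequest req) {
        String requestedId = req.getRequestedSessionId(); // sent by the client, untrusted
        if (requestedId == null) {
            return State.NO_SESSION_REQUESTED;            // first visit, or no cookie sent
        }
        // An id the container does not accept may have timed out, been invalidated
        // at logout, or never been issued at all. All three get the same treatment.
        return req.isRequestedSessionIdValid() ? State.ACTIVE : State.STALE_ID;
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        State state = classify(req);
        // Assumed login path; excluded so the redirect below cannot loop.
        boolean loginPage = "/login".equals(req.getServletPath());

        if (state == State.STALE_ID && !loginPage) {
            // Do not echo the stale id back to the client or write it to logs.
            res.sendRedirect(req.getContextPath() + "/login?reason=expired");
            return;
        }
        chain.doFilter(rq, rs);
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }
}
```

Because the requested id is whatever the client chose to send, `STALE_ID` is only a hint for showing a "session expired" message; access decisions should still rest on what is stored in a valid server-side session.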
