Thanks to Mark and Chris for all suggestions.
I thing that a will follow th Chris suggestion to re-architect my session.
I was attracted by this piece of code in
Re: Tomcat Realm Auto-Relogin after Session-Timeout Problem
lynckmeister
Wed, 11 Feb 2009 06:32:43 -0800
public class SessionTimeoutFilter implements Filter {
private final Log logger =
LogFactory.getLog(SessionTimeoutFilter.class);
private String timeoutPage = "timeout.html";
public void init(FilterConfig filterConfig) throws ServletException
{
}
public void doFilter(ServletRequest request, ServletResponse
response,
FilterChain filterChain) throws IOException,
ServletException {
if ((request instanceof HttpServletRequest)
&& (response instanceof
HttpServletResponse)) {
HttpServletRequest httpServletRequest =
(HttpServletRequest) request;
HttpServletResponse httpServletResponse =
(HttpServletResponse) response;
// is session expired control required for this
request?
if
(isSessionControlRequiredForThisResource(httpServletRequest)) {
String requestedID =
httpServletRequest.getRequestedSessionId();
// is session invalid?
HttpSession session =
httpServletRequest.getSession();
String sID = session.getId();
String nochmalID =
httpServletRequest.getQueryString();
// ok this is allways false , means the
session
is allways valid. sure
it is, but its a new one !
boolean isSessionInValid = (requestedID !=
null)&&
!httpServletRequest.isRequestedSessionIdValid();
Object testObject =
session.getAttribute("ISVALID");
// here I tried some things... the
isSessionInValid flag doesnt help b/c
the session is allways valid
// the testObject is allways null b/c if the
user comes from the
loginpage the user is not set in the first time
// with the code like this, we're allways
redirected in an constant
loop.
// besides that I think redirection is not
the
right way to handle , I
mean,
// i feel the right solution would recognize
that the session is not in
a proper state and than
// delete the request wich allways causes in
that crash. but how? and
wich restored information exactly is the wrong one ?
if (testObject == null /*&&
isSessionInValid*/
) {
String timeoutUrl =
httpServletRequest.getContextPath()
+ "/" +
getTimeoutPage();
logger
.info("session is
invalid! redirecting to timeoutpage : "
+
timeoutUrl);
and in particular:
String requestedID =
httpServletRequest.getRequestedSessionId();
HttpSession session = httpServletRequest.getSession();
String sID = session.getId();
so i thought that was possible to 'trigger' a re-logon after timeout plus
the reference of both expired session (requestedID) and new session (sID);
if there was a way to copy some attributes from the old session to the new
one i solved my problem.
But seems to me that the old session non more exists at this point of the
request flow. Is this true?
Alberto.
--
View this message in context:
http://www.nabble.com/Re%3A-Tomcat-Realm-Auto-Relogin-after-Session-Timeout-Problem-tp25479941p25507329.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
