I had thought to use scriptlets. But I've rigged a filter on the server which tests for the mappings of the few protected pages which require logins. It seems to work and update session variables which is what I'm after. My issue is that a session may well have been created prior to login so using a listener here via sessionCreated may not be useful.
Detecting a logoff is easier using the sessionDestroyed method. -----Original Message----- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: 06 Oct 2011 15 05 To: Tomcat Users List Subject: RE: Detecting a login or logoff event > From: Martin O'Shea [mailto:app...@dsl.pipex.com] > Subject: Detecting a login or logoff event > I need to be able to intercept a successful authentication of a login > / logout request which can then be used to make a series of system > updates to record the fact. > I am thinking about scriptlets in the pages served testing the > request's servlet path after login is successful If the integrity of your information is dependent on actions of the client, you have no data integrity. There's nothing stopping a client from disabling scripts, running their own scripts, or doing anything else by accident or intent - you cannot control that. Anything you do for tracking must be done on the server side. You probably can use a filter, but a Listener might be more appropriate. See section 10 of the servlet spec. (Make sure you're looking at the current spec for the Tomcat version you're using; the 2.2 spec you referenced earlier is badly out of date.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
