More doubts about session control

pajarokillo

Programmer
May 3, 2004
30
ES
Hi, I still have doubts about session control. I do the session control in the following method:

protected boolean processPreprocess(HttpServletRequest request, HttpServletResponse response) {
    HttpSession session = null;
    UserContainer user = null;

    super.processPreprocess(request, response);

    // getSession(false) never creates a session; null means the request has none
    session = request.getSession(false);
    try {
        // No session: send the user to the "session expired" forward
        if (session == null) {
            doForward((moduleConfig.findForwardConfig(IConstants.SESSION_EXPIRADA)).getPath(), request, response);
            // The response is complete, so tell Struts to stop processing
            return false;
        }
    }
    catch (IOException ex) {
        log.error("ERRORRRRRRRRRRRRRRRRRRRRRRRRRRRRRR: " + ex.getMessage());
    }
    catch (ServletException ex) {
        log.error("ERRORRRRRRRRRRRRRRRRRRRRRRRRRRRRRR: " + ex.getMessage());
    }

    return true;
}

Good, so my question is the following:
When I call request.getSession(false) it always returns an HttpSession object, but when the session has expired and I call request.getSession(false) it must return null, no? So my session control doesn't work well.

How can I do good session control?
 
Some application servers will automatically create a session if the incoming request doesn't already have one. So by the time you call request.getSession(false), a session has already been created.

One way to validate a session is to check for a token, which is added to the user session upon successful user authentication. So instead of checking if the request has a session, you should check if the user session has a valid authentication token.

Here is an example of how to authenticate a user using JAAS

You may not need to use JAAS, but it gives you some idea of how authentication and authorization can be done.

Hope this will give you some idea.
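
The token check suggested in the reply above, sketched as a Struts 1 RequestProcessor. This is an added example, not code from either poster. The session attribute name, the two forward names and the login path are assumptions; the login action is assumed to store the attribute after a successful login.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.RequestProcessor;
import org.apache.struts.config.ForwardConfig;

public class AuthRequestProcessor extends RequestProcessor {
    // Assumed names: adapt to the attribute and forwards your application defines.
    static final String AUTH_TOKEN = "authenticatedUser"; // set by the login action
    static final String FWD_EXPIRED = "sessionExpired";   // global forward
    static final String FWD_LOGIN = "login";              // global forward
    static final String LOGIN_PATH = "/login.do";         // must stay reachable

    protected boolean processPreprocess(HttpServletRequest request,
                                        HttpServletResponse response) {
        if (!super.processPreprocess(request, response)) {
            return false;
        }
        // Let the login action through, otherwise nobody could authenticate.
        if (LOGIN_PATH.equals(request.getServletPath())) {
            return true;
        }
        // The container may already have created a session, so test for the
        // token stored at login instead of testing the session object.
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute(AUTH_TOKEN) != null) {
            return true;
        }
        // The browser sent a session id the container no longer accepts: expired.
        boolean expired = request.getRequestedSessionId() != null
                && !request.isRequestedSessionIdValid();
        ForwardConfig fwd =
                moduleConfig.findForwardConfig(expired ? FWD_EXPIRED : FWD_LOGIN);
        try {
            if (fwd != null) {
                doForward(fwd.getPath(), request, response);
            } else {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
        } catch (IOException ex) {
            log.error("Could not forward unauthenticated request", ex);
        } catch (ServletException ex) {
            log.error("Could not forward unauthenticated request", ex);
        }
        return false; // response is complete; stop Struts processing
    }
}
```

Returning false after the forward matters: it stops Struts from going on to run the requested action for a user who has no token.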
 