You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Doug Ogateter <hi...@yahoo.ca> on 2002/12/17 06:32:39 UTC

Struts and session

Greetings:

I am using struts1.1b2 to implement a web application. I have a question regarding to implementing session timeout. When session is invalidated, user who has logged in the system should be forwarded to login page. I am not clear about the followings, and hope someone can help me out.

1. Who will invalidate the session when timeout? Servlet container will do it automatically?

2. Should I use request.getSession(false) to check if session is timeout? If so, that means for every request, it will check if session is invaildate. Will it cause performance problem? If not, which methods should I call to check it?

3. If I should use request.getSession(false) to check session timeout, where should I write the code? Should I write the code in every action class?

4. There are many methods related to session, such as getCreationTime, getLastAccessedTime,..Where and how should I use them in the implementation?

5.From my understanding, I can set timeout in web.xml or use setMaxInactiveIterval(int ..). Usually which way should be use?

6. After user login, I want to forward the user to the page where he was when session timeout. Where should I save the information(with the information, I know where I should forward the user to)?

I searched the archive. However, it seems that I can't find the specific info.

Your help is highly appreicated.

Doug

Re: Struts and session

Posted by Justin Ashworth <ju...@ashworth.org>.
Hi Doug,

The filter does work with Struts - it just doesn't make use of it.  Your
request goes through the filter even before the Struts ActionServlet is
invoked, so all of this happens before Struts comes into the picture in a
request.  You really don't need struts for this - you are basically just
getting a session attribute and if it comes back null you forward to a login
page, using a RequestDispatcher.  Having to hard-code (or config file) the
login page URL is the only thing that Struts would be able to help with
here, but as far as I've seen Struts doesn't provide any help in Filters.

If anybody knows of a way to take advantage of a global forward from the
struts-config.xml file in a Filter, that would be very useful information.

Thanks,

Justin

----- Original Message -----
From: "Doug Ogateter" <hi...@yahoo.ca>
To: "Struts Users Mailing List" <st...@jakarta.apache.org>
Sent: Tuesday, December 17, 2002 11:04 AM
Subject: Re: Struts and session


>
> Justin:
>
> Thank you for reply.
> That's a good idea. One more question, can filter works with struts?
> Doug
>  Justin Ashworth <ju...@ashworth.org> wrote:Hi Doug,
>
> We use a javax.servlet.Filter to check for an expired session. I found
this
> idea on some website or in the Struts-User archives and it makes the most
> sense to me. All requests go through the filter before they hit the
> servlet, so this is the perfect place to check for whether or not a user
is
> logged in - it's hidden away and it's executed before anything else. Just
> create a class that implements javax.servlet.Filter. There are three
> methods to implement in this class, but the real work will be done in the
> doFilter() method. In doFilter() you can call
> request.getSession().getAttribute("someAttribute") on an attribute that
> should always be there if the session is valid, and if it's not there
> forward them to the login screen (this will be a
RequestDispatcher.forward()
> and not a Struts ActionForward). Your doFilter() method will be specific
to
> your application, but the other two methods you need to implement,
> getFilterConfig() and setFilterConfig() are just a basic getter and setter
> for a FilterConfig member variable. Also, it is good practice that if you
> aren't forwarding back to the login page in your doFilter method, you call
> filterChain.doFilter(request, response). filterChain is a parameter to
this
> method and represents a chain of filters you have configured in your
web.xml
> file. See the JavaDoc for more info. Your entry for the filter in your
> web.xml file will look something like this:
>
>
> LoginFilter
> com.d.p.w.LoginFilter
>
>
>
> LoginFilter
> *.do
>
>
> If you plan well you should also be able to figure out which page the user
> was heading to when their session timed out and pass that back to the
login
> screen so that they go directly to it after login. I can't give an example
> of this because we haven't implemented it yet.
>
> HTH,
>
> Justin
>
> ----- Original Message -----
> From: "Doug Ogateter"
> To: "Struts Users Mailing List"
> Sent: Tuesday, December 17, 2002 9:26 AM
> Subject: Struts and session
>
>
> >
> > Greetings:
> >
> > I am using struts1.1b2 to implement a web application. I have a
> > question regarding to implementing session timeout. When session is
> > invalidated, user who has logged in the system should be forwarded to
> login page.
> > I am not clear about the followings, and hope someone can help me out.
> >
> > 1. Should I use request.getSession(false) to check if session is
> > timeout? If so, that means for every request, it will check if session
is
> > invaildate. Will it cause performance problem? If not, which methods
> > should I call to check it?
> >
> > 2. If I should use request.getSession(false) to check session timeout,
> > where should I write the code? Should I write the code in every action
> > class?
> >
> > 3. There are many methods related to session, such as getCreationTime,
> > getLastAccessedTime,..Where and how should I use them in the
> > implementation?
> >
> > 4.From my understanding, I can set timeout in web.xml or use
> > setMaxInactiveIterval(int ..). Usually which way should be use?
> >
> > 5. After user login, I want to forward the user to the page where he
> > was when session timeout. Where should I save the information(with the
> > information, I know where I should forward the user to)?
> >
> > I searched the archive. However, it seems that I can't find the
> > specific info.
> >
> > Your help is highly appreicated.
> >
> > Doug
> >
> >
> >
> >
> > ---------------------------------
> > Post your free ad now! Yahoo! Canada Personals
> >
>
>
> --
> To unsubscribe, e-mail:
> For additional commands, e-mail:
>
>
>
> ---------------------------------
> Post your free ad now! Yahoo! Canada Personals
>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Struts and session

Posted by Doug Ogateter <hi...@yahoo.ca>.
Justin:
 
Thank you for reply.
That's a good idea. One more question, can filter works with struts?
Doug
 Justin Ashworth <ju...@ashworth.org> wrote:Hi Doug,

We use a javax.servlet.Filter to check for an expired session. I found this
idea on some website or in the Struts-User archives and it makes the most
sense to me. All requests go through the filter before they hit the
servlet, so this is the perfect place to check for whether or not a user is
logged in - it's hidden away and it's executed before anything else. Just
create a class that implements javax.servlet.Filter. There are three
methods to implement in this class, but the real work will be done in the
doFilter() method. In doFilter() you can call
request.getSession().getAttribute("someAttribute") on an attribute that
should always be there if the session is valid, and if it's not there
forward them to the login screen (this will be a RequestDispatcher.forward()
and not a Struts ActionForward). Your doFilter() method will be specific to
your application, but the other two methods you need to implement,
getFilterConfig() and setFilterConfig() are just a basic getter and setter
for a FilterConfig member variable. Also, it is good practice that if you
aren't forwarding back to the login page in your doFilter method, you call
filterChain.doFilter(request, response). filterChain is a parameter to this
method and represents a chain of filters you have configured in your web.xml
file. See the JavaDoc for more info. Your entry for the filter in your
web.xml file will look something like this:


LoginFilter
com.d.p.w.LoginFilter



LoginFilter
*.do


If you plan well you should also be able to figure out which page the user
was heading to when their session timed out and pass that back to the login
screen so that they go directly to it after login. I can't give an example
of this because we haven't implemented it yet.

HTH,

Justin

----- Original Message -----
From: "Doug Ogateter" 
To: "Struts Users Mailing List" 
Sent: Tuesday, December 17, 2002 9:26 AM
Subject: Struts and session


>
> Greetings:
>
> I am using struts1.1b2 to implement a web application. I have a
> question regarding to implementing session timeout. When session is
> invalidated, user who has logged in the system should be forwarded to
login page.
> I am not clear about the followings, and hope someone can help me out.
>
> 1. Should I use request.getSession(false) to check if session is
> timeout? If so, that means for every request, it will check if session is
> invaildate. Will it cause performance problem? If not, which methods
> should I call to check it?
>
> 2. If I should use request.getSession(false) to check session timeout,
> where should I write the code? Should I write the code in every action
> class?
>
> 3. There are many methods related to session, such as getCreationTime,
> getLastAccessedTime,..Where and how should I use them in the
> implementation?
>
> 4.From my understanding, I can set timeout in web.xml or use
> setMaxInactiveIterval(int ..). Usually which way should be use?
>
> 5. After user login, I want to forward the user to the page where he
> was when session timeout. Where should I save the information(with the
> information, I know where I should forward the user to)?
>
> I searched the archive. However, it seems that I can't find the
> specific info.
>
> Your help is highly appreicated.
>
> Doug
>
>
>
>
> ---------------------------------
> Post your free ad now! Yahoo! Canada Personals
>


--
To unsubscribe, e-mail: 
For additional commands, e-mail: 



---------------------------------
Post your free ad now! Yahoo! Canada Personals

Re: Struts and session

Posted by Justin Ashworth <ju...@ashworth.org>.
Hi Doug,

We use a javax.servlet.Filter to check for an expired session.  I found this
idea on some website or in the Struts-User archives and it makes the most
sense to me.  All requests go through the filter before they hit the
servlet, so this is the perfect place to check for whether or not a user is
logged in - it's hidden away and it's executed before anything else.  Just
create a class that implements javax.servlet.Filter.  There are three
methods to implement in this class, but the real work will be done in the
doFilter() method.  In doFilter() you can call
request.getSession().getAttribute("someAttribute") on an attribute that
should always be there if the session is valid, and if it's not there
forward them to the login screen (this will be a RequestDispatcher.forward()
and not a Struts ActionForward). Your doFilter() method will be specific to
your application, but the other two methods you need to implement,
getFilterConfig() and setFilterConfig() are just a basic getter and setter
for a FilterConfig member variable.  Also, it is good practice that if you
aren't forwarding back to the login page in your doFilter method, you call
filterChain.doFilter(request, response).  filterChain is a parameter to this
method and represents a chain of filters you have configured in your web.xml
file.   See the JavaDoc for more info. Your entry for the filter in your
web.xml file will look something like this:

    <filter>
        <filter-name>LoginFilter</filter-name>
        <filter-class>com.d.p.w.LoginFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>LoginFilter</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>

If you plan well you should also be able to figure out which page the user
was heading to when their session timed out and pass that back to the login
screen so that they go directly to it after login.  I can't give an example
of this because we haven't implemented it yet.

HTH,

Justin

----- Original Message -----
From: "Doug Ogateter" <hi...@yahoo.ca>
To: "Struts Users Mailing List" <st...@jakarta.apache.org>
Sent: Tuesday, December 17, 2002 9:26 AM
Subject: Struts and session


>
> Greetings:
>
> I am using struts1.1b2 to implement a web application. I have a
> question regarding to implementing session timeout. When session is
> invalidated, user who has logged in the system should be forwarded to
login page.
> I am not clear about the followings, and hope someone can help me out.
>
> 1. Should I use request.getSession(false) to check if session is
> timeout? If so, that means for every request, it will check if session is
> invaildate. Will it cause performance problem? If not, which methods
> should I call to check it?
>
> 2. If I should use request.getSession(false) to check session timeout,
> where should I write the code? Should I write the code in every action
> class?
>
> 3. There are many methods related to session, such as getCreationTime,
> getLastAccessedTime,..Where and how should I use them in the
> implementation?
>
> 4.From my understanding, I can set timeout in web.xml or use
> setMaxInactiveIterval(int ..). Usually which way should be use?
>
> 5. After user login, I want to forward the user to the page where he
> was when session timeout. Where should I save the information(with the
> information, I know where I should forward the user to)?
>
> I searched the archive. However, it seems that I can't find the
> specific info.
>
> Your help is highly appreicated.
>
> Doug
>
>
>
>
> ---------------------------------
> Post your free ad now! Yahoo! Canada Personals
>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Struts and session

Posted by Doug Ogateter <hi...@yahoo.ca>.
Greetings:

I am using struts1.1b2 to implement a web application. I have a 
question regarding to implementing session timeout. When session is 
invalidated, user who has logged in the system should be forwarded to login page. 
I am not clear about the followings, and hope someone can help me out.

1. Should I use request.getSession(false) to check if session is 
timeout? If so, that means for every request, it will check if session is 
invaildate. Will it cause performance problem? If not, which methods 
should I call to check it?

2. If I should use request.getSession(false) to check session timeout, 
where should I write the code? Should I write the code in every action 
class?

3. There are many methods related to session, such as getCreationTime, 
getLastAccessedTime,..Where and how should I use them in the 
implementation?

4.From my understanding, I can set timeout in web.xml or use 
setMaxInactiveIterval(int ..). Usually which way should be use?

5. After user login, I want to forward the user to the page where he 
was when session timeout. Where should I save the information(with the 
information, I know where I should forward the user to)?

I searched the archive. However, it seems that I can't find the 
specific info.

Your help is highly appreicated.

Doug




---------------------------------
Post your free ad now! Yahoo! Canada Personals