You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Chetan Pandey <cp...@bluesingapore.com> on 2006/11/09 04:58:42 UTC
RE: Session Creation in Tomcat...Session timeout
This must then be related to the session-timeout problem I am facing.
This is what is happening:
When my Session - currently set to 1 minute in web.xml - times-out clicking
on any LINK automatically redirects me to the Login Page.
On re-logging in, through the logs I am observing that it is not going to
the LoggingAction Class but directly to the Link that was clicked.
But the problem is in my LoggingAction I set a number of Session Variables
such as "principalInSession" which are referenced by the pages
This session attribute "principalInSession" remains "null" and hence I get a
NullPointerException.
The surprising thing is that on Time-out if I refresh the page and then
redirected to the Login-page, the above problem doesn't occur i.e it goes to
the LoggingAction class and everything is normal.
Thanks for all your help.
Chetan
-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org]
Sent: Thursday, November 09, 2006 11:52 AM
To: Tomcat Users List
Subject: Re: Session Creation in Tomcat
Chetan Pandey wrote:
> I am also using Formm-based JDBC-JNDI Realm based Authentication.
> So can anyone pls clarify if the session is supposed to be created
when we
> l;aunch the URL or session is supposed to be created when the User
logs in.
FORM authentication requires a session so one gets created as soon as
you request a protected page, ie before the user has actually logged in.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Session Creation in Tomcat...Session timeout
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chetan,
Chetan Pandey wrote:
> When my Session - currently set to 1 minute in web.xml - times-out clicking
> on any LINK automatically redirects me to the Login Page.
>
> On re-logging in, through the logs I am observing that it is not going to
> the LoggingAction Class but directly to the Link that was clicked.
Correct. The way that the built-in login mechanism works, a request for
a protected page is challenged with a login screen if there's no
existing login.
Upon successful login, the user goes directly to the target page -- not
through some special "login" code that you want.
Before switching to securityfilter for my authentication and
authorization, I write a Filter that did this for me. The code was
basically this:
if(request.getPrincipal() != null)
{
if(null == session || session.getAttribute(MY_USER_BEAN))
{
// do login-type stuff
}
}
chain.doFilter(request, response);
That's all it takes. Now, whenever anyone logs in, they automatically
get this code run so you can set up your sessions.
I still haven't changed this after my move to securityfilter, and it
works very well.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFU69z9CaO5/Lv0PARAl2TAKCOeOMEv5iIpNiWP7514izkNVUdGwCfQtHO
g3hcbpQPq24GNncmxBoBTb4=
=+GJ8
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org