You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by si...@WellsFargo.COM on 2000/08/22 22:31:05 UTC

Session persistence question

> All:
> We have observed the following behavior:
>  
> 1. login.html accepts user information and passes if to a servlet called
> LoginHandler
> 2.  LoginHandler servlet creates a session and puts a String loginDone in
> the session object.
> 
> 	HttpSession session = request.getSession(true);
> 	session.putValue("loginDone", userName); 
> 
> 3. for every jsp and servlet we check out if the user is logged on or not,
>     If s/he is not logged on we redirect the user to login screen
> 
> 	if (loginDone == null){
> 		response.sendRedirect("/login.html");
> 	}
> 
> It works fine but the problem is when the user has already logged in and
> s/he creates a new browser instance s/he is not redirected the login
> screen because the loginDone is not null for the new browser screen. I
> want to force her to login in this case. I tried this with both IE5 and NS
> web browers.
> "session.isNew()" is false, loginDone contains the user name and
> session.getId() contains the same session id.
>       A new session is created only if we launch a different browser or
> restart the web server.
> 
>      We are using iPlanet web server 4.1 running on HP/UX. 
>      
>      So... the question is:
>     is the expected behavior for the servlet engine to encompass all
> instances of the *same* browser in the same session? Does the browser
> cache        previously hit URLs (with the embedded sessionid). We though
> that every instance of the browser would start cleanly and that it would
> know nothing about previous sessions.
>     Any assistance would be appreciated...
>

Re: Session persistence question

Posted by Matt Goss <mg...@rtci.com>.

This is an unfortunate side effect of the way Browsers track sessions. At this
current time, sessions are only tracked per browser (ie. machine), not per
browser window. For instance if you are using ie and you have a session cookie
set. As long as you are using ie and that cookie is valid, you will have the
same session for any window ie opens. The same scenario works for goes for
Netscape.
I don't think there is a way around this, but if there is I would love to hear
it! :)
Matt Goss

sicaudp@WellsFargo.COM wrote:

> > All:
> > We have observed the following behavior:
> >
> > 1. login.html accepts user information and passes if to a servlet called
> > LoginHandler
> > 2.  LoginHandler servlet creates a session and puts a String loginDone in
> > the session object.
> >
> >       HttpSession session = request.getSession(true);
> >       session.putValue("loginDone", userName);
> >
> > 3. for every jsp and servlet we check out if the user is logged on or not,
> >     If s/he is not logged on we redirect the user to login screen
> >
> >       if (loginDone == null){
> >               response.sendRedirect("/login.html");
> >       }
> >
> > It works fine but the problem is when the user has already logged in and
> > s/he creates a new browser instance s/he is not redirected the login
> > screen because the loginDone is not null for the new browser screen. I
> > want to force her to login in this case. I tried this with both IE5 and NS
> > web browers.
> > "session.isNew()" is false, loginDone contains the user name and
> > session.getId() contains the same session id.
> >       A new session is created only if we launch a different browser or
> > restart the web server.
> >
> >      We are using iPlanet web server 4.1 running on HP/UX.
> >
> >      So... the question is:
> >     is the expected behavior for the servlet engine to encompass all
> > instances of the *same* browser in the same session? Does the browser
> > cache        previously hit URLs (with the embedded sessionid). We though
> > that every instance of the browser would start cleanly and that it would
> > know nothing about previous sessions.
> >     Any assistance would be appreciated...
> >

Beans question

Posted by Andrew Stubbs <an...@stusoft.com>.

I get the following error.

Error: javax.servlet.ServletException:  Cannot create bean of class
com.instantjsp.LoginManager


Does this mean the bean cannot be found or there is a problem running the
bean ?
The programs are from a book / CD and I have followed the install
instructions for them. The jar file is in
tomcat/lib and in the htdocs/classes directory. The manifest has the
appropriate classes that are beans marked as such.
Looking at the code in /work this error seems to come from a try / exception
block around a Beans.instantiate command

Ideas anyone ?

Andrew