You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by "Reddy, Shyamsunder" <Sh...@AIG.com> on 2007/02/06 18:53:14 UTC
Struts Application Design Issue
Hi,
I am developing a Struts 1.1 based application to be deployed in Web
Sphere Application Server 5.1. There is no login page in the application,
but I nee d to make sure that valid session exists with each request and
session should be created only once at one place. So I have a subclass the
extends TilesRequestProcessor class. Inside my subclass, in the method
processPreprocess(), I have added the following code:
HttpSession session = request.getSession(false);
if(session != null){
if(session.isNew()){
//It is a new session. So request should from first page of
the application.
}else{
//It is an old session. Make sure it is valid session
UserObject userObject =
(UserObject)session.getAttribute("USER_OBJECT");
if(userObject != null){
//continue the folloe
}else{
//Stop the flow and show home page.
}
}
}else {
//there is no session, so create one here
session = request.getSession(true);
}
My questions are:
1. How to make sure that ActionServlet doesn't create any session using
request.getSession(true) before the Request Processor class is classed.
2. How can I use request.isRequestedSessionIdValid() to make sure that
client has already accepted the current session.
3. How Struts handles the Session tracking mechanism: Cookie, URL
Rewriting. On my Websphere Test Server, I have enabled both. So this way I
found that if cookie is disabled on my browser, it automatically adds a
jsessionid to URLs.
4. What is the best to way to handle HttpSession creation and
invalidation when Using Struts.
5. Does Struts support Session tracking or do we need to depend on web
container settings (Websphere, WebLogic)
Thanks
Shyamsunder
Re: Struts Application Design Issue
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Shyamsunder,
Reddy, Shyamsunder wrote:
> 1. How to make sure that ActionServlet doesn't create any session using
> request.getSession(true) before the Request Processor class is classed.
I don't believe that Struts ever calls request.getSession(true). Are you
having a problem with something?
> 2. How can I use request.isRequestedSessionIdValid() to make sure that
> client has already accepted the current session.
I don't believe that this method can make any claims about the client's
acceptance of the session. It simply means that the session id provided
by the client does in fact match a currently valid session.
> 3. How Struts handles the Session tracking mechanism: Cookie, URL
> Rewriting. On my Websphere Test Server, I have enabled both. So this way I
> found that if cookie is disabled on my browser, it automatically adds a
> jsessionid to URLs.
Struts does not deal with session tracking: it is done entirely by the
contained (in your case, Websphere). Typically, a servlet container will
prefer cookies but also fully-support URL rewriting. Typically, there's
no need to use both cookies /and/ URL rewriting for a particular
session. If the browser does not accept cookies, the server should
fall-back to URL rewriting (assuming you have correctly encoded all of
your outgoing URLs).
> 4. What is the best to way to handle HttpSession creation and
> invalidation when Using Struts.
Struts does not provide any specific mechanisms for dealing with
sessions. However, your container (Websphere) should have those kinds of
capabilities (containers are required to support container-managed
authentication and authorization using security settings in web.xml).
> 5. Does Struts support Session tracking or do we need to depend on web
> container settings (Websphere, WebLogic)
You should rely on your servlet container for this type of thing. Struts
/uses/ some of that stuff, but it is provided by your servlet container.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFyMOq9CaO5/Lv0PARAhu/AKCGtB2iVA5AtIV+HAn54eotlr83zwCfTazd
g0sw3pooucJqFTNZWc35c58=
=OQNT
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org