Hi guys, Im trying to reject users whose sessions was invalidated (in
purpose because a logout or timeout)
But I found that there is not logic combination in the session valid or
invalid methods.
Case 1
First request
Session.isNew() TRUE
Request.isRequestedSessionIdValid() FALSE
We can say that this is ok because you are still not authenticated.
Case 2
Session timeout
Next request will be
Session.isNew() TRUE because creates a new session
Request.isRequestedSessionIdValid() FALSE
The funny thing is if I request the session with create in false, it
always returns an object
Request.getSession(false) != null ALWAYS in this case.
I have no way to verify if the session was invalidated by a timeout.
I made a listener and put the invalid session in the DB but I have no
way to identify because
When a client comes back from a invalid session, it creates a new one.
Do you know any way ?
Thanks
Rodrigo
-------------------------------------------------------------------
Rodrigo Asensio
Fuel Management Services
Gilbarco Veeder Root
phone: +1 336 547 5023
email: rodrigo.asensio@(protected)
<mailto:rodrigo.asensio@(protected)>
(~'~~'~~'~~)
| |
| |
| ~|~
|-------())
( _)
| |
| |
''.. |
|'..'---_/\
/ ''---|| /\
/ \ \\/\/
| \ / \_/
| \/\\ | \
This message (including any attachments) contains confidential
and/or proprietary information intended only for the addressee.
Any unauthorized disclosure, copying, distribution or reliance on
the contents of this information is strictly prohibited and may
constitute a violation of law. If you are not the intended
recipient, please notify the sender immediately by responding to
this e-mail, and delete the message from your system. If you
have any questions about this e-mail please notify the sender
immediately.
---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)
