Hi,
I have an app in which users do not have to login, but each user does have
its own session.

I tried to come with a way to detect whether the users current session has
expired, but I can't seem to find a way to differentiate between 'no'
session and an 'expired' session.

What I had was:
    if (request.getRequestedSessionId() != null &&
!request.isRequestedSessionIdValid()) {
      response.sendRedirect(this.getInitParameter("session_timeout_url"));
      return;
    }

this works, as long as the servlet is not called from a different context
in which another session is already active.

If I use a sessionlistener to flag somewhere that the session for a certain
session id is no longer valid, this 'flag'repository will keep on growing,
it would probably take forever to cause problems, still is doesn't seem
like a good solution.

Why isn't there something like session.isValid(); so that
request.getSession(false) returns a session object which can be queried for
validness? Now it returns null, which makes it a bit hard to determine
session history.

Greetz
Hans


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)