I think that you shouldn't just check for the existence of a Session, you should check for a "user" Session attribute that you have set in your own code. If you are invalidating the Session and this attribute still exists afterward, I'd suggest something has gone awry . . .

And yes, I do it in every protected Action, but of course, via one line of code that invokes a base class.

Erik


David Johnson wrote:

hi all

I have a logoff action, and inside it I do the following.

// Clean up the session if there is one
HttpSession session = request.getSession();
session.invalidate();

When I watch what's happening in the manager application (I'm using
Tomcat) the number of sessions does not decrease, and I can back up in
the browser and call actions, all of which have code to check for a
valid session.

This raises a question: what's the best way in my web-app to make
sure the user is valid? Should I check in **every** action?
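
The check Erik describes, sketched as an added example that is not part of either message. It assumes Struts 1 Actions (the thread does not name the framework); the class names, the USER_ATTR constant and the "login" forward are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

// Hypothetical base class: every protected Action extends this instead of Action.
public abstract class ProtectedAction extends Action {
    // Assumed attribute name; the login Action must set it after authenticating.
    public static final String USER_ATTR = "user";

    @Override
    public final ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        // getSession(false) never creates a session. getSession() would hand an
        // unauthenticated caller a fresh one that "exists" but holds no user.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            return mapping.findForward("login"); // assumed global forward name
        }
        return executeProtected(mapping, form, request, response);
    }

    // Subclasses put their real work here; it runs only for a logged-in user.
    protected abstract ActionForward executeProtected(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception;
}

// Logoff counterpart: drop the marker attribute, then invalidate.
class LogoffAction extends Action {
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        // Do not create a session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.removeAttribute(ProtectedAction.USER_ATTR);
            session.invalidate();
        }
        return mapping.findForward("login");
    }
}
```

Because the check keys on the attribute rather than on the session object, a session that the container creates anew after logoff fails it.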



