Hello,
First off, I am having trouble with creating a more elegant solution to a
proboem.
A- Problem, I have a site that requires authentication (form-based) when they
hit our site.
Upon building the site which requires an "AppObject" and "UserObject", I
subclassed the
RequestProcessor, and put in logic to ensure that both objects existed.
This works good.
Next, I needed to find out when a user's session expired. Upon further
investigation,
I subclassed an Action class and added a new executeAction(signature) that
pulled in
the AppObject and UserObject that were in the session from the Request
Processor.
I then checked if the UserObject had a logged-in flag. If so, great, they can
work, else
I would throw them to the front door and create a ActionMessage that says
"Session Expired".
All of this works, and does its job. Problem is now, I am not happy with my
creation. It screwed with my ability to use
DispatchAction and LookupDispatchAction. Two things I wasn't sure I would need
when I began.
Anyway, I have searched and searched, and was hoping someone may have a better
way to handle
this session-management possibly all in the RequestProcesor?
The problem I am finding, is that I create new UserObject and AppObject each
time someone comes through, because I do not know if they
are new or returning users. It is not until they are looking for an inside
page, that I am aware they are not valid.
Does this make sense? I figured a lot of you out there may have this same type
of secure site. Any ideas?
Thanks,
Scott K Purcell
