-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin,
Martin Dubuc wrote: > The problem that I am facing is that since the application is using a > new session, there might be some session based variables that are not > initialized. If you want your application to work properly in this situation, you'll need to add checks to your code to ensure Session integrity before proceeding. If there's a problem, redirect to some benign location. > Ultimately, if Tomcat is restarted, I would rather the user be > redirected to a predetermined page (some kind of home page), but it > seems that instead, and I believe this is as per the servlet spec, > Tomcat displays the page information it had stored in its container > before restarting. Correct. > Any advice on how to best handle this? That depends on a few things. You could write a filter that tests for certain session contents and, in their absence, redirects the user to your preferred page. The problem here is that the session is (probably) not expected to look the same in all parts of your application, so it's hard to tell which session key to choose. Perhaps your "default page" inserts something into the session like "user is still logged-in". Another choice (which I like the best) is to upgrade your application to tolerate Tomcat's behavior. Honestly, I like this the best because it makes it possible for people to resume their session rather than having to start all over again (which really sucks for certain operations). The last option I can think of is to use securityfilter (http://securityfilter.sourceforge.net) and hack-up the FormAuthenticator such that it redirects you to a specific location instead of the original, saved request. There's a feature in the CVS head where you can specify where to go once you are properly authenticated (which overrides the go-to-saved-request behavior). You could use this, too. Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjYD9QACgkQ9CaO5/Lv0PALYwCfdxSV9ocTi0vC6l+ehZt4yYWO hV4AnRJbvo2WNvN8giZoc6qAveEiR7yF =jzKg -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
