On 22/04/2010 22:24, Paul Carroll wrote: > Yes. I put the session marker in my filter and I perform a simple check each > time through the filter to determine if the marker exists and to check if it > equals the current session id.
The session id itself may change during login, so I'm not sure if you should rely on this. Since Tomcat 6.0.21 http://issues.apache.org/bugzilla/show_bug.cgi?id=45255 p > Thanks. > > --- ch...@christopherschultz.net wrote: > > From: Christopher Schultz <ch...@christopherschultz.net> > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Session Timeout - Filter Not Called > Date: Thu, 22 Apr 2010 16:45:10 -0400 > > Paul, > > On 4/22/2010 2:44 PM, Paul Carroll wrote: >> I guess what I really need to be able to do is determine when a user creates >> a new session. This could either be done by the user opening the browser >> and browse to our application where the user logs in and the new session is >> created. Or the user's session times out and the user is presented with our >> login page and the user will login and a new session is created. > > I think Bob's suggestion that you use a session marker variable will > take care of this for you, no? > > >> --- rfha...@yahoo.com wrote: > >> From: Bob Hall <rfha...@yahoo.com> >> To: Tomcat Users List <users@tomcat.apache.org> >> Subject: Re: Session Timeout - Filter Not Called >> Date: Mon, 12 Apr 2010 23:58:45 -0700 (PDT) > >> Paul, > >> --- On Mon, 4/12/10 at 7:21 AM, Paul Carroll <pcarr...@nfmail.net> wrote: > >>> That works in that my filter is >>> called when the session times out and the user is redirected >>> to the login page. However, the Referer header makes >>> no indication that the user is logging in. > >> What does the referrer header contain? > >>> If the request URI is not null, then I can redirect them to the requested >>> URI if it has been determined that it is a "safe" area that >>> does not need any session variables established. Is >>> there a way to determine if the user's session has timed out >>> and the user is logging in once again? > >> Check for the session variables that would have been set? > >> - Bob > > > > >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
signature.asc
Description: OpenPGP digital signature
