-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mukarram,
On 4/20/2011 1:43 PM, Mukarram Baig wrote: > To clarify, the application is > not being defined as being distributable in my web.xml. Okay, so Tomcat will not enforce the must-be-serializable rule, then. Note that you can have an object that implements Serializable but is still not actually serializable if you don't follow all the serialization rules. > The exceptions that > I am seeing here are not at webapp restarts (we basically have very > infrequent application restarts and we can afford to lose out on the user > sessions in these scenarios) but during the normal running of the > application. Which exceptions? NPEs or NotSerializableException? Please post stack traces of both exceptions. > Chris, you have mentioned a very interesting point that one should do > null-checks when accessing session objects. I was not quite able to > understand the reason why this is so? Because the session can be re-created at any time. Consider this scenario: 1. User logs in and navigates to a web page. This web page needs session information to display itself (use your imagination). 2. User explicitly logs out, then hits BACK on their browser. Or, if you prefer, their session times out due to inactivity. 3. User re-loads the page. 4. If you are using contained-managed authentication, the user will be assigned a new session and then asked to provide their credentials, and upon successful login they will be redirected back to the page in step #1 (and #3) 5. Your software tries to access an object in the session to display the page. This object isn't there anymore because of the session timeout, so you get an NPE. > Thanks in advance again! > > P.S.: I am subscribed via the digest option and didn't know how quite to > reply to a thread, so apologies if this opens up a new thread :) BTW, why do > we not have a web interface for this? Yeah, digest is kind of a pain since your replies will go "to the list" and not be tied to any one thread. Just subscribe to the list and put the messages into a folder or something. You can delete anything you don't care about. Web interface? Try Nabble or any one of the other web-based mailing-list interfaces. They work fine with this list. You can start a holy war on a mailing list asking why it's not web-based, so let's just drop it. :) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2wOggACgkQ9CaO5/Lv0PAregCfYu9OAT3fKMNEOjoSSCTDIlAX uo8AnRCD/8aU39YP4wkHyhdF6jtfILrn =yraY -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
