aspose file tools*
The moose likes Servlets and the fly likes Session Timeout problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session Timeout problem" Watch "Session Timeout problem" New topic
Author

Session Timeout problem

Chetan Pandey
Ranch Hand

Joined: Aug 01, 2005
Posts: 31
Hi All:

I am using Tomcat 5.5, Struts and using Form-Based JDBC Realm Authentication.

I also have a concrete implementation of HttpSessionListener which contains debug statements in both sessionCreated and sessionDestroyed methods.

When I start my program in Eclipse using Run-As->Run-On-Server, I see a debug statement in my Console

"Session has been Created".

This surprises me as I expect this to be generated when the User has logged-on to the System using the Form-based Authentication.

After I log in my session for which timeout has been set to 1 minute will expire and I will corectly get a debug statement from sessionDestroyed() method that "session has been expired".


But then I try to click on any link on my Application, it correctly redirects me to the Form-based Login Page but in the Console I see "Session has been created".

Tryin to login results redirection to the Default Error Page where the Exception printed is:

This Line corresponds to Code in my Action where I am trying to retrieve an attribute from the session and it is null.

What I dont understand is why "session" is being created on the startup of the browser - and if that is normal - why after session time-out clicking on any link "creates another session"

Thanks for your kind responses.

Chetan
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
In form based authentication the main logic of authenticating usename and password from your LDAP (or any other realm) is done by the J_security_check.That might be creating session in the advance before the user sends in the credentials to this for verification.


Rahul Bhattacharjee
LinkedIn - Blog
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session Timeout problem