posted 16 years ago
just a passing thought.
are you trying to simulate the situation where a user keeps his browser open for a long time, and then clicks on link
and sees
"Sorry your session has timed out"
and in cases he has explicitly logged out, he sees the login page?
one way I see to achieve this is-
in the first case, the browser sends in a JSESSIONID in the cookie header that refers to a nonexistent session. therefore getSession(false) would return null
in the second case, neither is such a header sent, nor is the session available.
if i am not mistaken that is...
i might be missing something here- haven't thought on these lines for a long time.
so you could probably insert a filter that does this check.
"It's not enough that we do our best; sometimes we have to do<br />what's required."<br /> <br />-- Sir Winston Churchill