I'm trying to get my login/logout procedures locked down in a Struts2 app, and I've run into a bit of a snag.
edit: If I didn't make this obvious, this doesn't work. After logout, the check functions as intended, but not '#session.user == ""'.
session.user is only set at login and logout now (to the username at login, and "none" at logout). I want to catch the case where someone visits the site without having any session information yet - ie session.user hasn't been created/initialized yet. I don't want to set session.user to something whenever a user visits the site, so they can "remember" their login for a set period of time for a while. What should the check be for that?
Thanks for any help!
[ November 26, 2008: Message edited by: Sam Gardner ] [ November 26, 2008: Message edited by: Sam Gardner ]
Aren't you checking for an empty string? What happens if you check for null?
That said, this isn't the way I'd recommend doing something like that--this seems like it'd be something better put in an interceptor, rather than polluting all the JSP pages with the extra code.
Joined: Jul 22, 2008
I've tried checking for null, and it doesn't work, at least like '#session.user != null'. Is that how you check for null values in Struts? I'm quite new at this framework, if it isn't completely obvious.
As far as interceptors go, this way first occured to me, and the if/then I have now is implemented in "templates" that I include in my JSP pages to keep all of the common code easy to manage, so the checks don't do much cluttering up of the page. Unless there's a decent performance hit, I'd rather figure this out and work on an equivalent interceptor later on.
Thanks [ November 26, 2008: Message edited by: Sam Gardner ]
subject: Default not-initialized Struts2 session value