The use case for the site im working on allows a user to browse pages without first logging in. The user may logon at anytime, and if authenticated, the user gets an extra menu of functionality.
However, the site requires knowledge of the users location for every page (as the location is used on 99% of the pages in some way), so right up front, if the user accesses the site and the locationId is not set, the user is forwarded to a page that asks for the locationId.
At first, I wanted to try and persist the locationId via rewriting the URL but that got to be too cumbersome, so I decided to just put it on the session.
Problem is, if the user enters his locationId which gets stored on the session, when he logs on, the session id changes, so the user is asked once again to enter the info.
Is there a way to detect a sessionid change so I can move the contents of one session to another? im looking at the listeners, but not sure if any of these will do the trick.
I love this place!
Joined: Mar 23, 2010
Sean Clark wrote:Hey,
Hey Sean, thanks for the link. I guess I should have mentioned that this is for users that have cookies disabled. The site needs to operate with and without cookies the same way. When cookies are enabled, everything is cool.
I've worked on projects where when a user logs in the session is changed, I think it is to prevent session hijacking of an authenticated users' session. I don't know what security you use, but in Spring Security there is an option to copy all session attributes into the new session? Perhaps you can do something like that to keep your location attributes?