Win a copy of Micro Frontends in Action this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Paul Clapham
  • Bear Bibeault
  • Jeanne Boyarsky
Sheriffs:
  • Ron McLeod
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Jj Roberts
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • salvin francis
  • Scott Selikoff
  • fred rosenberger

Session Timeout problem

 
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All:

I am using Tomcat 5.5, Struts and using Form-Based JDBC Realm Authentication.

I also have a concrete implementation of HttpSessionListener which contains debug statements in both sessionCreated and sessionDestroyed methods.

When I start my program in Eclipse using Run-As->Run-On-Server, I see a debug statement in my Console

"Session has been Created".

This surprises me as I expect this to be generated when the User has logged-on to the System using the Form-based Authentication.

After I log in my session for which timeout has been set to 1 minute will expire and I will corectly get a debug statement from sessionDestroyed() method that "session has been expired".


But then I try to click on any link on my Application, it correctly redirects me to the Form-based Login Page but in the Console I see "Session has been created".

Tryin to login results redirection to the Default Error Page where the Exception printed is:

This Line corresponds to Code in my Action where I am trying to retrieve an attribute from the session and it is null.

What I dont understand is why "session" is being created on the startup of the browser - and if that is normal - why after session time-out clicking on any link "creates another session"

Thanks for your kind responses.

Chetan
 
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In form based authentication the main logic of authenticating usename and password from your LDAP (or any other realm) is done by the J_security_check.That might be creating session in the advance before the user sends in the credentials to this for verification.
 
Beware the other head of science - it bites! Nibble on this message:
the value of filler advertising in 2020
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic