Session

Hey fellas,
I got a Struts web-based application that basically have to provide user's loggon and in each Action I have to check if this "LOGGED" attribute is set. To do this, I put an user object in the session. But I don't know why it do not work:
1) request.getSession().setAttribute("LOGGED", user);
2) String sentinel = request.getSession().getAttribute("LOGGED") == null ? "deny" : "allow";
The issue is that in the second step I allways get null
Is there a "Struts-Way" to manipulate the session scope? Any idea?
Tks,

hi,
the only possible mistake i can see is that you probably don't have a user-object when storing it to the session in step 1)
just check your 'user'-object or post the entire code of this action.
let me know please

Hi Martin,
Thanks for helping me. In fact, I've already checked the user object, and I'm sure that isn't null. Please take a look at the code that matters:
// I call this method in my LoginAction public static void setLogin(HttpServletRequest request, User user) { if (null != user) { HttpSession httpsession = request.getSession(); httpsession.setMaxInactiveInterval(600); httpsession.setAttribute("LOGGED", user); } else { request.getSession().removeAttribute("LOGGED"); } } // Then in my other Actions I do this public ActionForward execute( ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { // START OF LOGIN HEADER String status = request.getSession().getAttribute("LOGGED") == null ? "deny" : "allow"; if (status.equals("deny")) return mapping.findForward("error"); // END OF LOGIN HEADER ...
I'm already frustrated with this, hehe. Not even the <bean efine/> tag worked at all, usin' toScope="session" in the login_ok.jsp page (this page manipulate the user object, so I can say that is not null).

public void setLogin(HttpServletRequest request, User user) { if (null != user) { //if a session already exists invalidate it HttpSession httpsession = request.getSession(false); if (session != null){ session.invalidate(); } //create a new session httpsession = request.getSession(true); //for now dont set the inactive interval. use the default. //httpsession.setMaxInactiveInterval(600); httpsession.setAttribute("LOGGED", user); } //not needed if user is null, return an Error ActionForward before calling this method. /* else { request.getSession().removeAttribute("LOGGED"); }*/ }
then in other action classes do this
// Then in my other Actions I do this public ActionForward execute( ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { // look for existing session. HttpSession session = request.getSession(false); System.out.println("Existing session " + session); if(session == null || session.getAttribute("LOGGED") == null){ //return Error here. }
request.getSession( ) --> will return a session object if it is already there else will CREATE a new one. Now you dont want to CREATE new one in any of your action classes (other than login). So supply a boolean argument false to get to the existing session.(check servlet javadocs).
If the session got expired before reachign this action then you w'd end up creating a new session using this method. try these changes.

Thanks Karthik, but your changes didn't work for me. Please take a look for the System.out.println:
Existing session org.apache.catalina.session.StandardSessionFacade@c272bc
Why it do not work at all? It's so spooky... Maybe my Tomcat 4.1.24 got some bug. Anybody think so?