Hello All,
I've been working with
Struts for a little while now and had built the beginnings of a site. My host is running TC 5, so I upgraded from TC 4 on my development machine. I don't know if my problems coincided with that move or not, but now I'm experiencing some weird behavior.
The site has some "secured" areas that are protected with form authentication. All my
JSP URLs are URLEncoded() so they pass the jsessionId in each link. That works fine, and the session ID stays the same.
When a user logs in, the form gets passed to the LoginAction which authenicates the user from a database, then I set ActionForm and set it in a session Attribute:
The first page after the login, the jsessionid is gone from the URL and as soon as I go to another page, the session is "lost" to where the site doesn't think the user is logged in anymore (it's checking for that loginUser attribute).
I've done a bunch of searching here since this seems like the best Struts forum around, and it looks like it may be in my getSession(), where I should be passing the false parameter. I have other getSessions(), so I think I need to change those too, but figured I'd throw it out here first.
Marc often posts about the three things to do to not track sessions. I need to be able to use the session variable in my JSPs, so I can't go that route, but would it help to turn off the locale and maybe not use the <HTML:HTML> tag?
I need to go through my code and try a few things, but figured I'd throw it out here for comments.
Thanks!
Wes