• Post Reply Bookmark Topic Watch Topic
  • New Topic

Session timeouts and servlets/JSP - newbie question  RSS feed

 
John Callahan
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
are appservers required to check for valid sessions before executing the code in a servlet? - ie. is it the programmers responsibility to check for valid session before accessing a session parameter?
if the appservers (specifically weblogic) check for invalid sessions is there some way to specify an error page?
thanks
 
Dana Hanna
Ranch Hand
Posts: 227
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
They do not check for a session.
You would have to handle this by accomodating a null value from the getAttribute method, or check for a valid session using "request.getSession(false);" By saying false, you are telling the container not to create it if it isn't there. In this case, that method will return null if there is no session.
A better idea is to implement J2EE security. If a user's session is lost, so is thier security context, and they will be thrown to the logon page...
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!