• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Session Timeout problem

 
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All:

I am using Tomcat 5.5, Struts and using Form-Based JDBC Realm Authentication.

I also have a concrete implementation of HttpSessionListener which contains debug statements in both sessionCreated and sessionDestroyed methods.

When I start my program in Eclipse using Run-As->Run-On-Server, I see a debug statement in my Console

"Session has been Created".

This surprises me as I expect this to be generated when the User has logged-on to the System using the Form-based Authentication.

After I log in my session for which timeout has been set to 1 minute will expire and I will corectly get a debug statement from sessionDestroyed() method that "session has been expired".


But then I try to click on any link on my Application, it correctly redirects me to the Form-based Login Page but in the Console I see "Session has been created".

Tryin to login results redirection to the Default Error Page where the Exception printed is:

This Line corresponds to Code in my Action where I am trying to retrieve an attribute from the session and it is null.

What I dont understand is why "session" is being created on the startup of the browser - and if that is normal - why after session time-out clicking on any link "creates another session"

Thanks for your kind responses.

Chetan
 
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In form based authentication the main logic of authenticating usename and password from your LDAP (or any other realm) is done by the J_security_check.That might be creating session in the advance before the user sends in the credentials to this for verification.
reply
    Bookmark Topic Watch Topic
  • New Topic