R
Russ Perry Jr
I'm looking into ways of removing users from a list when their sessions
expire. I haven't been able to find a lot of good info though, so I'm
hoping maybe somebody here will have some pointers.
I found this article: http://www.sys-con.com/story/?storyid=37412&DE=1
It says "adding the javax.servlet.http.HttpSessionListener interface to
the story, as illustrated in Listing 1*, helps you deliver login
management that runs with browsers that don't have cookies or JavaScript
enabled", and that looks sort of attractive.
[* http://photos.sys-con.com/story/res/37412/source.html]
However, a discussion on this page:
http://saloon.javaranch.com/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic&f=18&t=000652
....and others seems to indicate that by the time HttpSessionListener's
sessionDestroyed() method runs, the session object is empty, so you
can't recover even the ID to identify what session expired.
Moreso, the documentation for HttpSessionListener says "To recieve
notification events, the implementation class must be configured in
the deployment descriptor for the web application." but I'm not sure
how/where to put/connect the implementing class, nor can I find examples
of what to put in web.xml, which I'm assuming is what they mean by
"deployment descriptor for the web application" (and my apologies if
I'm way off here).
The javaranch link also mentions a "wrox example", but I'm having no
luck finding it online. Is this perhaps only in a book, or does anyone
know where I can find said example online?
Can anyone help? We're using JBuilder to build our struts app, and
aren't using anything like LDAP, JAAS, etc. Pretty basic and plain
jane.
expire. I haven't been able to find a lot of good info though, so I'm
hoping maybe somebody here will have some pointers.
I found this article: http://www.sys-con.com/story/?storyid=37412&DE=1
It says "adding the javax.servlet.http.HttpSessionListener interface to
the story, as illustrated in Listing 1*, helps you deliver login
management that runs with browsers that don't have cookies or JavaScript
enabled", and that looks sort of attractive.
[* http://photos.sys-con.com/story/res/37412/source.html]
However, a discussion on this page:
http://saloon.javaranch.com/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic&f=18&t=000652
....and others seems to indicate that by the time HttpSessionListener's
sessionDestroyed() method runs, the session object is empty, so you
can't recover even the ID to identify what session expired.
Moreso, the documentation for HttpSessionListener says "To recieve
notification events, the implementation class must be configured in
the deployment descriptor for the web application." but I'm not sure
how/where to put/connect the implementing class, nor can I find examples
of what to put in web.xml, which I'm assuming is what they mean by
"deployment descriptor for the web application" (and my apologies if
I'm way off here).
The javaranch link also mentions a "wrox example", but I'm having no
luck finding it online. Is this perhaps only in a book, or does anyone
know where I can find said example online?
Can anyone help? We're using JBuilder to build our struts app, and
aren't using anything like LDAP, JAAS, etc. Pretty basic and plain
jane.
