struts session problem

[Lam]

hi
i have a problem with struts and session managment
i create a webapps with an identification page (login/password)
i create a session after this identification

web.xml defines session like this :

<!-- Session Timeout Information in Minutes -->
<session-config>
<session-timeout>15</session-timeout>
</session-config>


i an Action object :

public final ActionForward execute(ActionMapping mapping, ActionForm
form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {

log.info("EditUserAction");

ActionErrors errors = new ActionErrors();

EditUserForm userForm = (EditUserForm) form;

String token = "";
if (errors.isEmpty()) {

HttpSession session = request.getSession(false);
if (session == null) {
log.info("no session");
errors.add("login",
new
ActionMessage("errors.login.required"));
token = FAIL_MAPPING;

} else {
log.info("Session " + session.toString());

...
}

log.info("EditUserAction done");
return mapping.findForward(token);
}


so, i start my webapps, i put my login/password, and after this i have
a cookie with my session
i delete this cookie, and i do the editUser.do
i think after this i would see in log "No session..." but i have this :

INFO: Session org.apache.tomcat.facade.HttpSessionFacade@cb2185

why i have a session ??
could you help me ?

struts-config.xml is defined like this :

<form-bean name="EditUserForm"
type="org.myproject.struts.form.EditUserForm">
</form-bean>

and

<action path="/editUser"
type="org.myproject.struts.actions.EditUserAction"
name="EditUserForm"
scope="request"
input="/utilisateur.jsp">
<forward name="success" path="/utilisateur.jsp" redirect="false"/>
<forward name="fail" path="/main.jsp" redirect="false"/>
</action>


any idea ?


thanks for any help

 

[Wendy Smoak]

HttpSession session = request.getSession(false);
if (session == null) {
log.info("no session");
} else {
log.info("Session " + session.toString());
}

I'm not convinced this is really a Struts issue... have you tried the code
above in a Servlet to see if you get the same behavior? (The easiest thing
is to put a scriptlet in a test.jsp file in the root of your webapp, and
just do some printing to the page.)

so, i start my webapps, i put my login/password, and after this i have
a cookie with my session
i delete this cookie, and i do the editUser.do
i think after this i would see in log "No session..." but i have this :
INFO: Session org.apache.tomcat.facade.HttpSessionFacade@cb2185
why i have a session ??

How are you getting to 'editUser.do'? If it's a link, examine the HTML and
see if there is a ;jsessionid embedded in it. If so, that will hook the new
request back up with the session on the server.

You may want to rethink using the _presence_ of a session to control
behavior. If instead you place an object in the session when the user logs
in, you can then check for that object on subsequent requests, and it won't
matter whether you've switched sessions in the meantime.

In addition, a Filter is a better place to check for authentication.
Authorization is more fine grained and may end up down at the Action level,
but a simple "Is this user logged in" should happen as early as possible if
the intent is to send the user off to a different page. (Plus it's reusable
in any webapp, Struts-based or not.)

I seem to be the only one around here still answering Struts questions.
If you still need help, I encourage you to come join us on the Struts user
list: http://struts.apache.org/mail.html