portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glenn R. Golden" <ggol...@umich.edu>
Subject Re: why Session is invalidated when user logs in
Date Thu, 09 Oct 2003 23:22:46 GMT
Turbine.java, starting at about line 433 (this is rev.  * @version $Id: 
Turbine.java,v 1.13 2002/03/29 15:57:03 dobbs Exp $).  There may be a 
new version around and even in Jetspeed, but I'm on a rather old source 
set:

                 // If a User is logging in, we should refresh the
                 // session here.  Invalidating session and starting a
                 // new session would seem to be a good method, but I
                 // (JDM) could not get this to work well (it always
                 // required the user to login twice).  Maybe related
                 // to JServ?  If we do not clear out the session, it
                 // is possible a new User may accidently (if they
                 // login incorrectly) continue on with information
                 // associated with the previous User.  Currently the
                 // only keys stored in the session are "turbine.user"
                 // and "turbine.acl".
                 if (data.getAction().equalsIgnoreCase(TurbineResources
                         .getString("action.login")))
                 {
                     String[] names = data.getSession().getValueNames();
                     if (names != null)
                     {
                         for (int i=0; i< names.length; i++)
                         {
                             data.getSession().removeValue(names[i]);
                         }
                     }
                 }

On Thursday, October 9, 2003, at 03:00  PM, Youssef Mohammed wrote:

> Thanks Glenn  ,
>
> This is exactly what I am running into but I couldn't find such a code 
> in the turbine servlet that clears sessions variables !!!
>
>
> -----Original Message-----
> From: Glenn R. Golden [mailto:ggolden@umich.edu]
> Sent: Thursday, October 09, 2003 8:53 PM
> To: Jetspeed Developers List
> Subject: Re: why Session is invalidated when user logs in
>
>
> This is standard Turbine behavior, I believe.  See the turbine servlet,
> that's where I think it quite deliberately clears all session values
> once the user successfully logs in.
>
> I had tried to store a redirect URL in the session to be processed
> after login, but Turbine clears the values so it was gone.  I wonder if
> this is what you are running into.
>
> - Glenn
>
> On Thursday, October 9, 2003, at 11:15  AM, Youssef Mohammed wrote:
>
>> I checked it . The JSESSIONID is not changed when the user logs in but
>> the variables are cleared from the HTTPSession object !!!
>>
>>
>> -----Original Message-----
>> From: Pernoud Aurelien [mailto:apernoud@sopragroup.com]
>> Sent: Thursday, October 09, 2003 4:51 PM
>> To: Jetspeed Developers List
>> Subject: RE: why Session is invalidated when user logs in
>>
>>
>>
>> I didn't find any code in jetspeed or turbine that explicitely calls
>> the
>> request.geSession().invalidate() method, so I find it weird.
>>
>> Can you check if the sessionid is the same when not logged in and 
>> after
>> logged in, that may be the reason ?
>>
>> Aurelien
>>
>> Youssef Mohammed a écrit :
>>
>>> Hi
>>>
>>>  I am storing session variables when an annoymous user
>>> browing thru jetspped when he/she logs in as registerd user
>>> the session variables is deleted !!!
>>> How to bridge those variables to the new session or prevent them from
>>> deleteion
>>>
>>> thnks
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message