struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Heligon Sandra <sandra.heli...@thomson.net>
Subject RE: Association between Session object and Cookies/URL rewriting
Date Thu, 06 Mar 2003 08:41:02 GMT
Tomcat is responsible of the cookie creation but it is
the Struts Action Servlet that is responsible of the
session (HttpSession initialization) isn't it ?
A few months ago I had had a discussion with Craig and it had indicated 
to me that a session was initialized in several cases:

* The controller servlet will create a session for you, if you
  declare that your form bean is in session scope.

* The controller servlet will create a session for you, if you
  configured the automatic locale recognition mechanism (the "locale"
  servlet initialization parameter for 1.0, or the corresponding
  attribute on the <controller> element for 1.1).

* Your application Action can create a session if it needs to, by
  calling request.getSession().

* Actions will create a session for you automatically if you use
  transaction tokens, or the getLocale()/setLocale() methods.

* JSP pages will create a session for you automatically unless you
  explicitly tell them not to (<%@ page ... session="false" ... %>).

* The <html:html> tag will create a session for you automatically
  if you use locale="true".

* The <html:form> tag will create a session for you automatically
  if your form bean is in request scope, or if you are using
  transaction tokens.

I don't understand how the controller distinguish a client X from a 
client Y ? what parameter/information allow to identify a client ?
As I said yesterday in my application two clients have not the same
authentication information (userLogin and password).
 
If a client X enter the URL http::\\localhost:8080\MyAppli, when the 
home page is displayed if the form is in the session an HttpSession is
created isn't it ? but the client has not yet given his userLogin and
password.

If a new browser is open on the same PC with the URL of the application
is a new HttpSession is created ?
Normally a new session must be created only if login information is
different
from the first client's browser. But on the Home page we do not have to
carry out 
the Login action yet.  

Do you understand my question ?

----------------------------------------------------------- 
As of February 12, 2003 Thomson unifies its email addresses on a worldwide
basis.Please note my new email address: sandra.heligon@thomson.net 

Thomson is the leader in solutions and technologies for the entertainment
and media industries and serves its customers under its four strategic
brands: Technicolor, Grass Valley, RCA and THOMSON. 
More about Thomson: http://www.thomson.net/videochain 

----Original Message-----
From: Nicolas De Loof [mailto:nicolas.deloof@cgey.com]
Sent: 05 March 2003 14:53
To: Struts Users Mailing List
Subject: Re: Association between Session object and Cookies/URL
rewriting


Struts doesn't create coockies, J2EE servlet container does (tomcat).
When you use "request.getSession()" in your code, J2EE server will a
coockie (or a request parameter if URL rewriting is used, see your
server config) to get the session ID.

If no ID is set, it will generate a new session ID and add a
"set-coockie" HTTP header in response.

New request from user browser will come to the server with a
"SESSIONID" coockie header, and request.getSession() implementation
will be able to find the session object from ID.

Read J2EE or Tomcat documentation to get more infos on sessions
(sessionid coockie, URL rewriting ...).

Nico.

>
> I don't understand very well how Struts manages session objects
> and why a sessionID is fixed for a user ?
> Session objects are stored on the web server (Tomcat in my case) and
> cookie saved on the disk allows to retrieve the HttpSession
> associated to
> a user.
> But I don't understand how the cookie is created and why is it
> associated
> to a client ?
> How Struts creates the session cookie ?
> I read that the cookie object is created when a user first loads a
> web page that
> is a part of the application.
> But at this stage what distinguishes a user X from a user Y ?
> In my application I distinguish two users with authentication
> information but when the first page is displayed the authentication
is not
> done.
> How Struts know that it is a new user and that it has to create a
> new HtppSession and a new cookie?
> Is a user (and so a cookie) associated to a user NT account ?
> I am not certain to have been rather clear
> Thanks in advance for your help.
> Sandra
>
>
>
>
> -----------------------------------------------------------
> As of February 12, 2003 Thomson unifies its email addresses on a
worldwide
> basis.Please note my new email address: sandra.heligon@thomson.net
>
> Thomson is the leader in solutions and technologies for the
entertainment
> and media industries and serves its customers under its four
strategic
> brands: Technicolor, Grass Valley, RCA and THOMSON.
> More about Thomson: http://www.thomson.net/videochain
>
>
> --------------------------------------------------------------------
-
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message