struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gundersen, Richard" <Richard.Gunder...@london-scottish.com>
Subject Invalidating session
Date Wed, 27 Aug 2008 11:05:27 GMT
Hi all

I came across this page for invalidating the session

http://struts.apache.org/2.0.11.2/docs/how-do-we-get-invalidate-the-sess
ion.html

It mentions this way of invalidating the session: 

if (session instanceof org.apache.struts2.dispatcher.SessionMap) {
		....
	((org.apache.struts2.dispatcher.SessionMap)
session).invalidate();
		....

Just wondering if 
	a) this is still the recommended way of doing things (I have no
reason to think it's not btw)
	b) I'm writing a public facing site that needs to be secure, so
just wondering if there would ever be a possibility that the session
object might not be an instance of
org.apache.struts2.dispatcher.SessionMap, in which case there could be
potential for the session not to be invalidated when it's meant to be.
Is this a possibility? I don't know enough about Struts 2 to answer this
myself so would appreciate advice. 

Cheers

Richard


As a responsible corporate citizen, London Scottish Bank plc asks you to consider the environment
before printing this email.

*** Disclaimer *** 

This electronic communication is confidential and for the exclusive use of the addressee.
It may contain private and confidential information. The information, attachments and opinions
contained in this E-mail are those of its author only and do not necessarily represent those
of London Scottish Bank PLC or any other members of the London Scottish Group. 

If you are not the intended addressee, you are prohibited from any disclosure, distribution
or further copying or use of this communication or the information in it or taking any action
in reliance on it. If you have received this communication in error please notify the Information
Security Manager at ISM@London-Scottish.com as soon as possible and delete the message from
all places in your computer where it is stored. 

We utilise virus scanning software but we cannot guarantee the security of electronic communications
and you are advised to check any attachments for viruses. We do not accept liability for any
loss resulting from any corruption or alteration of data or importation of any virus as a
result of receiving this electronic communication. 

Replies to this E-mail may be monitored for operational or business reasons. London Scottish
Bank PLC is regulated by the Financial Services Authority.


London Scottish Bank plc, Registered Office: 201 Deansgate, Manchester M3 3NW Registered Number
973008 England.

Subsidiary Companies:-

London Scottish Finance Limited, Registered Office: 201 Deansgate, Manchester M3 3NW Registered
Number 233259 England.

London Scottish Broking Limited, Registered Office: 201 Deansgate, Manchester M3 3NW Registered
Number 230110 England.

Robinson Way & Company Limited, Registered Office: 201 Deansgate, Manchester M3 3NW Registered
Number 885896 England.

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message