How to track the session for all URLs in Struts 2

Question

This is my Interceptor code. My aim is to maintain the session for all the URL, once the logout is done user can not able to go for any URL.

import java.util.Map;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
public class AuthenticationInterceptor implements Interceptor {
    /**
     * 
     */
    private static final long serialVersionUID = 1L;

    public void destroy() {
        // TODO Auto-generated method stub
        System.out.println("inside the destroy() of interceptor");
    }
    public void init() {
        // TODO Auto-generated method stub
        System.out.println("inside the init() of interceptor of new");
    }
    public String intercept(ActionInvocation ai) throws Exception {
        // TODO Auto-generated method stub
        System.out.println("inside the interceptor()......new");
        if(ai.getAction() instanceof LogoutAction){
            Map session = ai.getInvocationContext().getSession();
            if (session.get("user")!=null){
                System.out.println("inside logout of the session");
                return ai.invoke();
            }
            else{
                return "login";
            }
        }
        else
        return ai.invoke();

    }

this is my logout action code:

 package com.uttara.reg;

    import java.util.Map;

    import org.apache.struts2.interceptor.SessionAware;

    import com.opensymphony.xwork2.ActionSupport;

    public class LogoutAction extends ActionSupport implements SessionAware {

        private Map session;
        public void setSession(Map s) {
            session = s;
        }

        @Override
        public String execute() throws Exception {
            System.out.println("inside execute() of LA");
            if(session.get("user")!=null){  
                session.remove("user");
            return "ridirect";
            }
            return "failure";
        }

    }

this is my another action file once the login has done user will goin to register the user my question is how to check the session here

import com.opensymphony.xwork2.ActionSupport;
public class RegisterAction extends ActionSupport implements SessionAware { 
private static final long serialVersionUID = 1L;
public RegisterAction() {
    System.out.println("inside the Register action const.");
}
private RegBean bean;
private Map session;
public RegBean getBean() {
    return bean;
}
public void setBean(RegBean bean) {
    this.bean = bean;
}
@Override
    public String execute() throws Exception {
     System.out.println("inside execute method");
     System.out.println(bean);
        Model m = new Model();
        String result = m.register(bean);
        if(result.equals(SUCCESS))
            return SUCCESS;
        else{
            addActionError(getText(result));
            return "failure";
        }
    }
@Override
    public void validate(){
     System.out.println("inside validate method");

    }
public void setSession(Map session) {
    // TODO Auto-generated method stub
    System.out.println("inside setSession");
    this.session = session;
}

}

As I see in your code, you're redirecting users to login page in cases where he/she has logged out before and tries to call the logout action again. What are you really trying to achieve? Would you explain it with more details? — zaerymoghaddam, Sep 29 '13 at 12:00
my question once user login i will create the session for him and after that he can able to do whatever he want once he done logout he can not able to enter do functionality inside it has to redirect to the login page tank u — user2767354, Sep 29 '13 at 12:06
possible duplicate of [Sessions in struts2 application](http://stackoverflow.com/questions/5509606/sessions-in-struts2-application) or [Is there a way to redirect to another action class without using on struts.xml](http://stackoverflow.com/questions/16254934/is-there-a-way-to-redirect-to-another-action-class-without-using-on-struts-xml) — Roman C, Sep 29 '13 at 14:49
will it need to set session for all the action classes will created after loginaction — user2767354, Sep 29 '13 at 15:44
here my problem is ..when i login once the user name will created and stored in the session and after logout that name will removed if that remove also if the user press register user that will go to the register.action and the session stored name will come again logout is working fine sometimes it is happening in browser when i click back button but not in eclips browser it work fine than k u — user2767354, Sep 29 '13 at 16:50

zaerymoghaddam · Accepted Answer · 2013-09-29T12:49:11.960

0

If all your application pages have to be accessed by authenticated user, then you have to redirect the user to login page in any cases that there is no user attribute in his/her session. The problem is in your if conditions. I Don't know what are you doing in your LogoutAction, but if it's invalidation user session by removing user attribute from his/her session, then your if block should be as this:

public String intercept(ActionInvocation ai) throws Exception {
    // TODO Auto-generated method stub
    System.out.println("inside the interceptor()......new");
    Map session = ai.getInvocationContext().getSession();
    if ((session.get("user") != null) || 
        ((session.get("user") == null) && (ai.getAction() instanceof LoginAction)) {
        return ai.invoke();
    } else {
        return "login";
    }
}

This way, user has no choice if he has not passed the login action first. The LogoutAction action is just any other action in your application and could be called in cases where there is user attribute in user session.

Your original if statements checked this condition just in cases where the requested action is logout.

edited Sep 29 '13 at 12:49

answered Sep 29 '13 at 12:28

zaerymoghaddam

3,037
1
27
33

i done the same thing! but wht is happening is i could not be able to logi itself thank u – user2767354 Sep 29 '13 at 12:41
its working fine when am using in the eclips but i'm coming to use in browser that is not workin can u plz expline me whts the problem – user2767354 Sep 29 '13 at 13:16
no i can't even understand what it is ! once i done logout again user can able to go for other url by clicking browser back button but it is working fine in eclipse default browser – user2767354 Sep 29 '13 at 13:22
As the problem exists only in your browser, maybe it's reading from cache, not your server code! Does the problem occurs just by clicking back button or you have the same problem if user tries to type a new address in address bar? After logout, type address of an action which you have not visited before logout and another time with a URL that you have visited before logout. – zaerymoghaddam Sep 29 '13 at 13:32
could u plz tell me how to clear the browser cache after logout plz thnk u for helping me .. – user2767354 Sep 29 '13 at 13:36
The browser cache is not related to your session. It's completely a different thing. You have to clear your cache manually in your browser (Internet Options in IE for example). If the cache is not your problem, so I've to see your `LogoutAction`. Maybe you have not implemented your logout correctly and so the user session stays valid even after calling logout action. – zaerymoghaddam Sep 29 '13 at 13:39
my problem is how to create the same session for other action like register action when user login – user2767354 Sep 29 '13 at 14:14
You don't need to make a track the session while user is browsing your site. The application sever will do it for you. When you store something in user session, it would be there on next actions till user session time out happens or you explicitly remove it from session using `removeAttribute` method of `HttpSession` object. – zaerymoghaddam Sep 29 '13 at 14:23
can u plz tell me how to do removeAttribute and where? – user2767354 Sep 29 '13 at 14:34
Your logout action seems valid. I Have no idea about what's happening. Just for test, try to call `session.invalidate` and check the result – zaerymoghaddam Sep 29 '13 at 14:41
session.invalidate option is not getting over there can u plz expline me how to call that – user2767354 Sep 29 '13 at 15:18

score 0 · Answer 2 · answered Sep 30 '13 at 13:27

0

I think the error you have in configuration

<action name="logout" class="com.uttara.reg.LogoutAction">
        <result name="success">Login.jsp</result>
        <result name="failure">Error.jsp</result>
</action>

answered Sep 30 '13 at 13:27

Roman C

49,761
33
66
176

How to track the session for all URLs in Struts 2

2 Answers2