This article is applicable when you are using external session managers. This means that you are using Aspire only as a tool to paint pages and update databases and do other work. An external system or a set of pages not controlled by Aspire are responsible for establishing and controlling the session.
This can be the case in a number of times. In one instance we have Aspire as the work horse while Jetspeed controls the access to the web site and also does the lay out. In this case Jetspeed is responsible for establishing the session and also authorizing access to the web pages.
In another instance a third party framework is used to build part of a system and Aspire is used to build another part of the system. In this case the third party framework can set the guidelines for establishing the session.
In both of the cases cited above the session is being controlled by an external entity and not Aspire.
Under such a case, this document describes how you can tell Aspire to redirect to a pre determined web page when session expires.
Read this document if you are using Build 19.x or below.
If you are using Build 20.x Go here for Build 20.x instructions
You will see configuration entries like this in the aspire.properties file.
#**************************************************************************
#********** Authorization/session management directives
#**************************************************************************
aspire.authentication.userAuthorization=no
aspire.sessionSupport.applySessionManagement=yes
aspire.sessionSupport.mainpage=/webapp/your-page-that-says-session-doesn't exist
request.aspire.sessionSupport.sessionSupportObject.className=\
com.ai.servlets.DefaultSessionSupport1
Make sure the user authorization is set to "no". If it is set to "yes" Aspire will try to authenticate using HttpAuthentication. The assumption is that the external system is responsible for validating the user.
Next, make sure that the applySessionManagement is set to "yes". If this is set "no" then Aspire will try to create a new session every time if one doesn't exist. When it is set to "yes" Aspire will delegate the control of the session to the "DefaultSessionSupport1" object.
Here is the behavior of DefaultSessionManager1 object at that point for these settings
If a session exists and it is logged in status is true then the session is returned and the request is allowed to continue.
If a session is not available then the user is redirected to the page expiration page mentioned above.
Create a session variable called "aspire.loggedin_status" and set it to true.
If not do the following to debug this
BaseServlet.java SessionUtils.java DefaultSessionSupport1.java
1. How to disable Aspire's http authentication and allow a login page