This article is applicable when you are using external session managers. This means that you are using Aspire only as a tool to paint pages and update databases and do other work. An external system or a set of pages not controlled by Aspire are responsible for establishing and controlling the session.

This can be the case in a number of times. In one instance we have Aspire as the work horse while Jetspeed controls the access to the web site and also does the lay out. In this case Jetspeed is responsible for establishing the session and also authorizing access to the web pages.

In another instance a third party framework is used to build part of a system and Aspire is used to build another part of the system. In this case the third party framework can set the guidelines for establishing the session.

In both of the cases cited above the session is being controlled by an external entity and not Aspire.

Under such a case, this document describes how you can tell Aspire to redirect to a pre determined web page when session expires.

Read this document if you are using Build 19.x or below.

If you are using Build 20.x Go here for Build 20.x instructions

Settings

You will see configuration entries like this in the aspire.properties file.


#**************************************************************************
#********** Authorization/session management directives
#**************************************************************************
aspire.authentication.userAuthorization=no
aspire.sessionSupport.applySessionManagement=yes
aspire.sessionSupport.mainpage=/webapp/your-page-that-says-session-doesn't exist
request.aspire.sessionSupport.sessionSupportObject.className=\
com.ai.servlets.DefaultSessionSupport1

Make sure the user authorization is set to "no". If it is set to "yes" Aspire will try to authenticate using HttpAuthentication. The assumption is that the external system is responsible for validating the user.

Next, make sure that the applySessionManagement is set to "yes". If this is set "no" then Aspire will try to create a new session every time if one doesn't exist. When it is set to "yes" Aspire will delegate the control of the session to the "DefaultSessionSupport1" object.

Here is the behavior of DefaultSessionManager1 object at that point for these settings

If a session exists and it is logged in status is true then the session is returned and the request is allowed to continue.

If a session is not available then the user is redirected to the page expiration page mentioned above.

How can an external system set the login status to true

Create a session variable called "aspire.loggedin_status" and set it to true.

How to debug this

If not do the following to debug this

In What files is this facility implemented

BaseServlet.java
SessionUtils.java
DefaultSessionSupport1.java

Further reading

1. How to disable Aspire's http authentication and allow a login page

2. Source code of DefaultSessionSupport1.java