This article is applicable when you are using external session managers. This means that you are using Aspire only as a tool to paint pages and update databases and do other work. An external system or a set of pages not controlled by Aspire are responsible for establishing and controlling the session.
This can be the case in a number of times. In one instance we have Aspire as the work horse while Jetspeed controls the access to the web site and also does the lay out. In this case Jetspeed is responsible for establishing the session and also authorizing access to the web pages.
In another instance a third party framework is used to build part of a system and Aspire is used to build another part of the system. In this case the third party framework can set the guidelines for establishing the session.
In both of the cases cited above the session is being controlled by an external entity and not Aspire.
Under such a case, this document describes how you can tell Aspire to redirect to a pre determined web page when session expires.
Read this document if you are using Build 19.x or below.
If you are using Build 20.x Go here for Build 20.x instructions
Settings
You will see configuration entries like this in the aspire.properties file.
#**************************************************************************
#********** Authorization/session management directives
#**************************************************************************
aspire.authentication.userAuthorization=no
aspire.sessionSupport.applySessionManagement=yes
aspire.sessionSupport.mainpage=/webapp/your-page-that-says-session-doesn't exist
request.aspire.sessionSupport.sessionSupportObject.className=\
com.ai.servlets.DefaultSessionSupport1
Make sure the user authorization is set to "no". If it is set to "yes" Aspire will try to authenticate using HttpAuthentication. The assumption is that the external system is responsible for validating the user.
Next, make sure that the applySessionManagement is set to "yes". If this is set "no" then Aspire will try to create a new session every time if one doesn't exist. When it is set to "yes" Aspire will delegate the control of the session to the "DefaultSessionSupport1" object.
Here is the behavior of DefaultSessionManager1 object at that point for these settings
If a session exists and it is logged in status is true then the session is returned and the request is allowed to continue.
If a session is not available then the user is redirected to the page expiration page mentioned above.
How can an external system set the login status to true
Create a session variable called "aspire.loggedin_status" and set it to true.
How to debug this
- Run tomcat and your application
- While not closing the browser you are testing from, restart tomcat
- Do refresh on the browser
- If everything worked this should result in a redirection to the session expiration page mentioned above. The main page.
If not do the following to debug this
- Check aspires log file
- Look for "Info:ssup: Session management requested"
- If you see this "Error:ssup: You need to specify a starting main page for the application" somehow Aspire is not able to locate
- the session main page indicated above
- As a final resort locate the java file for "defaultsessionsupport1.java" and follow the log trace to the error messages in this java file
- Email me the log file and the aspire.properties file if you can't figure out
In What files is this facility implemented
BaseServlet.java SessionUtils.java DefaultSessionSupport1.java
Further reading
1. How to disable Aspire's http authentication and allow a login page