Session and Strust2

Session and Strust2

Follow the guide from struts2, we can get session/request like this:
public class ShoppingCartInterceptor extends AbstractInterceptor
{
private static final long serialVersionUID = 1L;
public String intercept(ActionInvocation invocation) throws Exception
{
ActionContext actionContext = invocation.getInvocationContext();
HttpServletRequest request = (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
Map<String, Object> session = actionContext.getSession();
if (this.isShoppingCartEmpty(request, session))
{
return invocation.invoke();
}
else
{
return ActionConstants.GLOBEL_SHOPPING_CART;
}
}
...snip...

But sometimes, when we continous to click the link of xxx.do, we will see (Aborted) in firfox firebug, and I have the session fixation security fitler to invalid the
old session of this xxx.do, and write back the jsession id to cookie use HttpServletRequestWrapper.

That is the problem, once see (Aborted) in firebug, my session data is lost.

Finally, I change the fixation session implemenatation as follow, do not invalid the old session immediately, just wait 90 seconds
static public void startNewSessionIfRequired(HttpServletRequest request, HttpServletResponse response,
boolean migrateSessionAttributes) {
// map to hold all the parameters
HashMap<String, Object> attributesToMigrate = null;

// get session, use false, if no session, do not create one here
HttpSession oldSession = request.getSession(false);
if (oldSession == null) {
// if no session, there is nothing we need to do here
return;
}

String originalSessionId = oldSession.getId();

if (log.isDebugEnabled()) {
log.debug("Invalidating session with Id '" + originalSessionId
+ "' " + (migrateSessionAttributes ? "and" : "without")
+ " migrating attributes.");
}
// save the attributes in map
if (migrateSessionAttributes) {
attributesToMigrate = new HashMap<String, Object>();
Enumeration<?> enumer = oldSession.getAttributeNames();

while (enumer.hasMoreElements()) {
String key = (String) enumer.nextElement();
attributesToMigrate.put(key, oldSession.getAttribute(key));
}
}

// kill the old session
//oldSession.invalidate();
oldSession.setMaxInactiveInterval(90);

HttpSession newSession = request.getSession(true); // we use true here to create a new session

if (log.isDebugEnabled()) {
log.debug("Started new session: " + newSession.getId());
}

// migrate the attribute to new session
if (attributesToMigrate != null) {
Iterator<?> iter = attributesToMigrate.entrySet().iterator();

while (iter.hasNext()) {
Map.Entry<?, ?> entry = (Entry<?, ?>) iter.next();
newSession.setAttribute((String) entry.getKey(), entry.getValue());
}
}

}

This is not good solution, but It works fine.

Oh, no, it just works fine for only one stores. Other stores are bad.

<interceptor-ref name="token" />
<result name="invalid.token">/token/submit.jsp</result>
<s:form action="../order/fetchprice.do" method="post" id="priceLoadingForm">
<s:token/>
<p><a href="###" onclick="return submitLoading();"><s:text name="FETCH_REFRESH_LINK_TEXT"/></a></p>
</s:form>

Even these codes do not sure me too.

Try the javascript way to avoid the repeat submit
<script language='javascript'>
var submit=0;
function CheckIsRepeat()
{
if (++submit>1)
{
return false;
}
var form = document.getElementById("loadingForm");
form.submit();
return true;
}
</script>

<!-- page title -->
<div id="content">
<p><s:text name="FETCH_PRICE_LOADING_CONTENT"/></p>
<div class="heightc"></div>
<form action="../order/fetchprice.do" id="loadingForm">
</form>
<p><a href="###" onclick="javascript:CheckIsRepeat();">Link</a></p>
</div>

It works, but there is plenty of work todo.

references:
http://jackzhangyunjie.iteye.com/blog/231205
http://blog.httpwatch.com/2008/01/28/what-does-aborted-mean-in-httpwatch/
http://www.iteye.com/problems/50744
http://www.iteye.com/topic/1124616
http://webservices.ctocio.com.cn/java/492/9189492.shtml
http://www.cnblogs.com/endisoft/archive/2007/04/10/707708.html