
Session Management

 
Mustafa ISIKLAR
Greenhorn
Posts: 1
Hi,
I am trying to make a simple web application to understand session management with IBM WebSphere Studio Application Developer 5.0. First I wrote SessionCounter, which implements HttpSessionListener, in order to be informed of created and destroyed sessions. In Login.html the userid and password are entered, and this page is posted to the LoginControl servlet. A new session is created with "HttpSession session = request.getSession(true);". The userid and password attributes are set on the session. Then it is forwarded to Menu.jsp with a RequestDispatcher. In Menu.jsp there are several links to many JSP pages. My problem is that if the mouse clicks on any link in Menu.jsp, a new session is created. But I don't want this. A new session must only be created with login.html.
Code is below:
login.html
<FORM method="post" action="/Work01/LoginControl">
  <INPUT type="text" name="userid" size="20">
  <INPUT type="password" name="password" size="20">
  <INPUT type="submit" name="ok" value="OK">
</FORM>
LoginControl.java(servlet)
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws javax.servlet.ServletException, java.io.IOException
{
    String userid = request.getParameter("userid");
    String password = request.getParameter("password");
    HttpSession session = request.getSession(true);
    session.setAttribute("userid", userid);
    session.setAttribute("password", password);

    ServletContext context = getServletContext();
    RequestDispatcher rd = context.getRequestDispatcher("/Menu");
    rd.forward(request, response);
    return;
}
Menu.jsp
<A href="Jsp1.jsp" target="_self">Jsp1.jsp</A>
<A href="Jsp2.jsp" target="_self">Jsp2.jsp</A>
 
Ko Ko Naing
Ranch Hand
Posts: 3178
Do you properly get the session from the request in those pages? Another thing is that if you don't want to create a new session when there is no existing session, you may use getSession(false) in those pages and return null...
 
Bryan Basham
author
Ranch Hand
Posts: 199
Currently, your web application depends on the client (the Web browser) to handle cookies. If the browser were to turn off cookies, then your web app will fail; it will keep making new session objects on every request.
The solution is to use URL rewriting with the encodeURL method on the HttpServletResponse interface. Because you are using JSP pages for your views, I would recommend either using the JSTL 'url' tag, which automatically performs URL rewriting, or changing your JSP code as follows:
Menu.jsp
<A href='<%= response.encodeURL("Jsp1.jsp") %>' target="_self">Jsp1.jsp</A>
<A href='<%= response.encodeURL("Jsp2.jsp") %>' target="_self">Jsp2.jsp</A>
HTH,
Bryan
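
Added example, not code from any poster in this thread: a servlet filter that enforces the rule from the original question (only the login step may create a session) using the getSession(false) call suggested above. The class name SessionGuardFilter, its web.xml mapping to the protected pages, and the redirect target /login.html are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter: map it in web.xml to the protected resources
// (/Menu, Jsp1.jsp, Jsp2.jsp), not to login.html or LoginControl.
public class SessionGuardFilter implements Filter {

    public void init(FilterConfig config) throws ServletException { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false) returns the existing session or null.
        // Unlike getSession(true), it never creates a new one.
        HttpSession session = request.getSession(false);

        // "userid" is the attribute LoginControl sets after the login form is posted.
        if (session == null || session.getAttribute("userid") == null) {
            // The filter runs before the JSP, so the JSP's implicit session
            // (created by default unless <%@ page session="false" %>) is never reached.
            // Redirect target is an assumption about where the login page lives.
            response.sendRedirect(request.getContextPath() + "/login.html");
            return;
        }

        // A login session exists: let the request through to the page.
        chain.doFilter(request, response);
    }

    public void destroy() { }
}
```

With cookies disabled, the filter only finds the session if the links were written with encodeURL as shown in the reply above; otherwise every click is redirected to the login page instead of silently creating a new session.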
 