• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Session Management

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I try to make simple web Application to understand session management with IBM Websphere Studio Application Developer 5.0. First I write SessionCounter which implements HttpSessionListener in order to inform created and destroyed sessions. In Login.html userid and password is written and this page is posted LoginControl servlet. New session is created with "HttpSession session = request.getSession(true);" Userid and password attributes set to session. Then it is forwarded to Menu.jsp with RequestDispatcher. In menu.jsp there are several link to many jsp pages. My problem is if a mouse click on any link in Menu.Jsp new session created. But I don't want this. New session must only be created with login.html.
Code is below:
login.html
<FORM method="post" action="/Work01/LoginControl">
<INPUT type="text" name="userid" size="20"></TD>
<INPUT type="password" name="password" size="20">
<INPUT type="submit" name="ok" value="OK">
</FORM>
LoginControl.java(servlet)
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws javax.servlet.ServletException, java.io.IOException
{
String userid = request.getParameter("userid");
String password = request.getParameter("password");
HttpSession session = request.getSession(true);
session.setAttribute("userid",userid);
session.setAttribute("password",password);

ServletContext context = getServletContext();
RequestDispatcher rd = context.getRequestDispatcher("/Menu");
rd.forward(request, response);
return;
}
Menu.jsp
<A href="Jsp1.jsp" target="_self">Jsp1.jsp</A>
<A href="Jsp2.jsp" target="_self">Jsp2.jsp</A>
 
Ranch Hand
Posts: 3178
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do u properly get the session from the request in those pages? Another thing is that if u don't want to create a new sesion when there is no existing session, u may use getSession(false) in those pages and return null....
 
author
Posts: 199
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Currently, your web application depends on the client (the Web browser) to handle cookies. If the browser were to turn off cookies, then your web app will fail; it will keep making new session objects on every request.
The solution is to use URL rewriting with the encodeURL method on the HttpServletResponse interface. Because you are using JSP pages for you views, then I would recommend either using the JSTL 'url' tag which automatically performs URL rewriting, or change your JSP code as follows:
Menu.jsp
<A href='<%= response.encodeURL("Jsp1.jsp") %>' target="_self">Jsp1.jsp</A>
<A href='<%= response.encodeURL("Jsp2.jsp") %>' target="_self">Jsp2.jsp</A>
HTH,
Bryan
 
money grubbing section goes here:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic