
Keeping client in a session with url

 
David Rocks
Ranch Hand
Posts: 162
Hi
I am a bit of a newbie at web development, so forgive my complete ignorance. I have been given the job of making the browser client session-aware with the URL, sort of a "when I get back from holiday next week I want to see the session id in the URL". This comes about from the fact that the user id was always shown in the URL in the first version of our code. This was used in each page for the DB queries. Obviously any 5 year old could change the id and see other users' information.
What we would like to do is produce a session id, keep that in the URL and get the attributes from that, à la Hotmail. Unfortunately, looking at the web I cannot find a thing explaining how to do this. I have looked at HttpSession but I cannot see how it would fulfill the job, but I am sure it is used. Does anybody know of a resource that will give a complete example of how to build my JSPs this way?
Many thanks for any help in advance.
David
 
Jessica Sant
Sheriff
Posts: 4313
Sessions sound like the answer to your problems -- but you don't necessarily have to keep the "JSESSIONID" in the URL...
Check out Chapter 9: Session Tracking from Core Servlets and JavaServer Pages by Marty Hall. That should explain to you the kind of things you can do in a session.
To show the Session ID in the URL -- look at the topic called URL ReWriting. --- basically you can get a URL that looks like this: http://someHost/blah/file.jsp?JSESSIONID=12361234
Hope that Helps!
 
Dave Vick
Ranch Hand
Posts: 3244
David
What you are looking for is the HttpServletResponse class's encodeURL() method. Basically you pass in a URL as a string as an argument to the method and it returns a String that is the URL with a query string appended to it that is the session id.
Here is a piece of code that would appear in a servlet to print an encoded link:

In that code the 'resp' variable is the HttpServletResponse object passed into doGet or doPost. The thing to be careful about is that you have to make sure that all of the links on your pages are encoded; if even one of them isn't, then the client could follow a link and lose the session.
hope that helps
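
Added example, not part of the original posts: a servlet that reads the user id from the session instead of from the URL and passes its links through encodeURL, as described above. The class name AccountServlet, the "userId" attribute and the page names are assumptions, and a login handler (not shown) is assumed to have stored the attribute after authenticating the user.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: class name, "userId" attribute and page names are assumptions.
public class AccountServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false) never creates a session; a missing or expired one gives null.
        HttpSession session = req.getSession(false);
        Object userId = (session == null) ? null : session.getAttribute("userId");
        if (userId == null) {
            // Not logged in: encodeRedirectURL is the redirect counterpart of encodeURL.
            resp.sendRedirect(resp.encodeRedirectURL("login.jsp"));
            return;
        }

        // The id used for database queries comes from server-side session state,
        // never from a request parameter, so editing the URL cannot select another user.
        resp.setContentType("text/html");
        PrintWriter out = resp.getWriter();
        out.println("<html><body>");
        out.println("<p>Account for user " + escapeHtml(userId.toString()) + "</p>");

        // Every link goes through encodeURL so the session survives without cookies.
        out.println("<a href=\"" + escapeHtml(resp.encodeURL("orders.jsp")) + "\">Orders</a>");
        out.println("</body></html>");
    }

    // Minimal HTML escaping for values written into the page.
    private static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;");
    }
}
```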
 
Shawn Bayern
Author
Ranch Hand
Posts: 160
Originally posted by david raid:
Hi
What we would like to do is produce a session id keep that in the url and get the attributes from that.

Hi David. The JSP Standard Tag Library (JSTL), a new standard from the Java Community Process, includes a JSP tag -- <c:url> -- that takes care of this problem for you. If you simply write
Go to the next <a href="<c:url value="page.jsp"/>">page</a>!
the <c:url> tag encodes the session identifier into the page.jsp page when necessary. (If you're using cookies, it might not bother on all containers -- it uses the same HttpServletResponse.encodeURL() method that others have mentioned, which on Tomcat doesn't embed the session ID into the URL unless it's necessary to preserve session state.)
You can read more about JSTL at
http://jakarta.apache.org/taglibs/doc/standard-doc/intro.html
Hope that helps!
 