Search...
FAQs Subscribe
Pie
FAQs
Recent topics Flagged topics Hot topics Best topics
Search...
Search within EJB and other Jakarta /Java EE Technologies Search Coderanch
Advance search Google search
Register / Login
granny thread boost book review grid advertise on coderanch polymorphism
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
building better world book thread boost advertise on coderanch book review grid meaningless drivel
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Ron McLeod
  • paul wheaton
  • Jeanne Boyarsky
Sheriffs:
  • Paul Clapham
  • Devaka Cooray
Saloon Keepers:
  • Tim Holloway
  • Roland Mueller
  • Himai Minh
Bartenders:

JSESSION and taking User Info

 
Andres Gorostidi
Greenhorn
Posts: 3
posted 21 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
Please, let me known if I am wrong of not:
With form based authentication, I only have to protect a resourse, and then specify form based authentication. A web container must implement a form with a POST action with the distniguised pseudo URL j_security_check, wich takes username and password parameters with the defined names j_username and j_password.
The container will force the user to authenticate by submitting the login form.
Then, a HTTPSESSION will be created, and mantained with the JSESSION cookie. Is true that, afterthat, the form is no longer submitted since I already have the data onf the authenticated user on the JSESSION ? Could I access to the data (getUserName) of the user only trough that session ?
If so, since the data of the session is stored on the JSESSION cookie.. What happens If I get redirected to another WebLogic Server ? What happens if a open antoher applicatoon on that server (or a different one) that has his own session ?

-----------------<br />Andres Gorostidi<br />[email protected]

 
Lasse Koskela
author
Posts: 11962
5
posted 21 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator

Then, a HTTPSESSION will be created, and mantained with the JSESSION cookie. Is true that, afterthat, the form is no longer submitted since I already have the data onf the authenticated user on the JSESSION ? Could I access to the data (getUserName) of the user only trough that session ?
If so, since the data of the session is stored on the JSESSION cookie.. What happens If I get redirected to another WebLogic Server ? What happens if a open antoher applicatoon on that server (or a different one) that has his own session ?


The data is not stored on the cookie. The data is stored using the session ID, a piece of string, as a key for later access. Once you've created a session ID, you don't need to submit any login forms unless you want to perform another authentication.
Yes, the user's data can be accessed only through that session. Note that you can only access such user data that you have explicitly stored into the javax.servlet.http.HttpSession.
Regarding the redirection, clustered application servers either don't redirect a request of an existing session to another server instance or replicates the session data so that it doesn't matter which server gets the request.
I'm afraid I didn't quite understand what you're after with "What happens if a open antoher applicatoon on that server (or a different one) that has his own session?"... Would you like to elaborate on it?

Author of Test Driven (2007) and Effective Unit Testing (2013) [Blog] [HowToAskQuestionsOnJavaRanch]

 
Consider Paul's rocket mass heater.
reply
reply
    Bookmark Topic Watch Topic
  • New Topic
Boost this thread!
Similar Threads
More...