• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session management in Servlets

 
Anonymous
Ranch Hand
Posts: 18944
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
basically I have a static Html page which consisits of textbox and continue button. When I press continue
a servlet gets executed which dynamically opens a new (Second) page which in turn has one more textbox and Submit button.
Now I open another separeta instance of my browser and copy and paste the url I got by pressing my first static Html page. I directly get my second Html page. I don't want to allow the user to do this. How should I go about in my code to avoid user copying and pasting the Url where in they can directly goto the second page skipping my first page.
It is like storing the Url of login page and directly going to the main web page without entering userid and password.
Hope u all understood my prob.
Please help me....
 
Frank Carver
Sheriff
Posts: 6920
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The problem is that the behaviour of browsers is not fully specified. Your browser obviously shares all its cookies between all open windows; some browsers have separate cookie sets for each window.
There are some situations where you want shared cookies (an application which uses several windows for different purposes, for example), and some where you want separate cookies (an application where you need several concurrent "sessions", for example).
Unfortunately, I know of no way of configuring a browser to specify one or the other behaviour.
 
Anonymous
Ranch Hand
Posts: 18944
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sounds like you need to use the Session Tracking API. I'm just beginning to learn this so bear with me.
Basically, every user of a site is associated with a javax.servlet.http.HttpSession object that servlets can use to store and retrieve information about that user in a persistent cookie. Using this you can check to see if the user has previously logon or entered your first page by creating an unique session id when the user first opens your first page. If they skip to your second page then the unique session id won't be their and you can send them back to your first page.
You can find an excellent explanation of all this in Java Servlet Programming by Jason Hunter and/or look at the examples at: http://www.oreilly.com/catalog/jservlet/examples/index.html
Specifically you want the code from Chapters 7 and 8.
You can also look at Java's tutorial on session tracking:
http://web2.java.sun.com/docs/books/tutorial/servlets/client-state/index.html
Hope that helps.
Yoo-Jin.
[This message has been edited by Yoo-Jin, Lee (edited July 21, 2000).]
 
Tony Alicea
Desperado
Sheriff
Posts: 3226
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just a note that if the user has cookies disabled, the session tracking switches to using URL re-writing. This last one works always although it's more inefficient.
 
Frank Carver
Sheriff
Posts: 6920
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Even URL rewriting still allows a user to copy/paste the URL into another window and then have two windows on the same "session".
This is one of the biggest problems with using a Web browser as a generic User Interface. There is nothing analogous to the "window handle" which is found in all other window-based User Interface systems.
 
Tony Alicea
Desperado
Sheriff
Posts: 3226
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Interesting point, Frank; Thanks!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic