• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

session attributes, servlet controller and browser back button

 
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,
I am using a JSP with a <FORM ACTION=Servlet METHOD="POST"> and the Servlet as the controller.
I am also setting a session variable in the JSP as an identifier for the Servlet to identify what action to perform.
ie:
JSP1:
<%session.setAttribute("webAction","someAction")%>
JSP2:
<%session.setAttribute("webAction","someOtherAction")%>
Servlet:
String webAction = (String)session.getAttribute("webAction");
if (webAction.equalsIgnoreCase("someAction")) {
request.getParameter("someParm");
...
} else if (webAction.equalsIgnoreCase("someOtherAction")) {
request.getParameter("someOtherParm");
...
This works great however, if the user hits the back button, I get an nullpointer exception.
I suspect this is because the session attribute has been set by the new JSP they're on and going back results in the servlet processing being called again however this time with the new session attribute where none of the request parameters being set.
What would be the best way to handle this?
Should I test the first paramter obtained for a null value or catch the whole exception?
Or should I be looking at this differently all together?
Any direction appreciated.
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why set form-specific information in the session? It's more customary to set such info as hidden values in the form itself.
 
Ranch Hand
Posts: 382
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Bear B is right. Form specific data are specific to a request, not the session and as such should not be set in the session. For the action, in each jsp, create a hidden field & set its value to that jsp's action value. When the form is submitted, the hdn fld's value will give you the action to be performed. Just make sure that the hdn fld in different jsps have the same name so that you can do request.getParameter(hdnFldName).
 
Dominik Ratajski
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for your replies. Much obliged.
My only concern about using a hidden field is that it is possible to modify the fields contents through Javascript - ie, through JavaScript debugger console you would have access to setting the hidden fields value.
This would then corrupt the information sent back and cause a security breach.
However it does make sense to have it as a non session value given that it's not session information.
 
sunglasses are a type of coolness prosthetic. Check out the sunglasses on this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic