Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

session attributes, servlet controller and browser back button  RSS feed

 
Dominik Ratajski
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
I am using a JSP with a <FORM ACTION=Servlet METHOD="POST"> and the Servlet as the controller.
I am also setting a session variable in the JSP as an identifier for the Servlet to identify what action to perform.
ie:
JSP1:
<%session.setAttribute("webAction","someAction")%>
JSP2:
<%session.setAttribute("webAction","someOtherAction")%>
Servlet:
String webAction = (String)session.getAttribute("webAction");
if (webAction.equalsIgnoreCase("someAction")) {
request.getParameter("someParm");
...
} else if (webAction.equalsIgnoreCase("someOtherAction")) {
request.getParameter("someOtherParm");
...
This works great however, if the user hits the back button, I get an nullpointer exception.
I suspect this is because the session attribute has been set by the new JSP they're on and going back results in the servlet processing being called again however this time with the new session attribute where none of the request parameters being set.
What would be the best way to handle this?
Should I test the first paramter obtained for a null value or catch the whole exception?
Or should I be looking at this differently all together?
Any direction appreciated.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65826
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why set form-specific information in the session? It's more customary to set such info as hidden values in the form itself.
 
Sadanand Murthy
Ranch Hand
Posts: 382
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear B is right. Form specific data are specific to a request, not the session and as such should not be set in the session. For the action, in each jsp, create a hidden field & set its value to that jsp's action value. When the form is submitted, the hdn fld's value will give you the action to be performed. Just make sure that the hdn fld in different jsps have the same name so that you can do request.getParameter(hdnFldName).
 
Dominik Ratajski
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for your replies. Much obliged.
My only concern about using a hidden field is that it is possible to modify the fields contents through Javascript - ie, through JavaScript debugger console you would have access to setting the hidden fields value.
This would then corrupt the information sent back and cause a security breach.
However it does make sense to have it as a non session value given that it's not session information.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!