Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to achieve session managemetn in servlet for ended session scenario

 
Harshal Gurav
Ranch Hand
Posts: 151
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Everyone,
I am currently working on one erp development which include development of many form using jsp and servlet.
I have set the session time is 10 min.
Suppose user doing work on one form and for any reason his session is ended,he will automatically looged off.
Now my need is-
when user login again,he should show the previous page where he had working and the same incomplete data that he had been entered in previous page.
I have know the basic concept of session in servlet.
Is anyone can give me specific url where i can get all this information or any help?
Any valuable suggestion is highly apprteciated.

Thanks and Regards
Harshal
 
Satish Kandagadla
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think you may need to write a cookie and send it back to the client. When the client is logged in again the cookie should be sent back which should keep the data that was entered previously.

You should find lot of information on how to write a cookie if you google it. Hope this helps.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65228
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Cookies are a pain to deal with. I'd just carry the values in hidden form parameters.
 
Harshal Gurav
Ranch Hand
Posts: 151
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Satish and Bear Bibeault,
Thank you very much for your reply.
Can you give me more specific information or url so that i can easily get information
Or can you give me more specific word for google Searching.

Thanks and regards
Harshal
 
Vinod K Singh
Ranch Hand
Posts: 198
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
To show the un-submitted data to user you have to make some mechanism to store the data on client side. Google Gears might be useful in such scenarios.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65228
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why use an atomic bomb when a hammer will do?
 
Vinod K Singh
Ranch Hand
Posts: 198
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Bear Bibeault:
Why use an atomic bomb when a hammer will do?


To me this requirement looks quite complex. May be I am not able to see the right hammer here

when user login again,he should show the previous page where he had working and the same incomplete data that he had been entered in previous page.
 
Pat Farrell
Rancher
Posts: 4678
7
Linux Mac OS X VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Bear Bibeault:
Cookies are a pain to deal with. I'd just carry the values in hidden form parameters.


I'll agree that cookies are a pain, but hidden form parameters that contain data are a huge security hole. Never trust the client.

A better way is to generate a nonce, and store it on the form as a hidden parameter. Use the nonce as a key to a HashMap that contains the rest of the parameters you want to remember.

No nonce, no remembered values. Got a nonce, retrieve values.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65228
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Pat Farrell:
I'll agree that cookies are a pain, but hidden form parameters that contain data are a huge security hole. Never trust the client.
I absolutely agree with you with regards to sensitive data, but in this case it merely needs to record the original URL and any params which originated on the client and were already exposed and don't really need any protection.
 
Harshal Gurav
Ranch Hand
Posts: 151
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Pat Farrell ,
I serched on google for how to generate a nonce in java but unable to find required document.
Can you give me more specific regarding to above issue i.e how to shows the incomplete form data.
Thanks for your co-operation.
regards
Harshal
 
Tim Holloway
Saloon Keeper
Posts: 18304
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any data that was entered on the web page, but not submitted to the server is lost. JEE isn't client/server, so the server only knows what the client tells it.

If you (re-)submit a form that's bound to a timed-out session, that's different, since the client still has the data, but if you've closed the form, it's Game Over.

Normally, what I do is bind the work in progress to the user ID and store it in a workspace on persistent store. If you prefer, you can reduce the overhead by using an ORM and/or a session timeout listener to flush the session data to backing store only when necessary. Then, when the user logs back in, reload the session from backing store.

Depending on the security framework used, attempting to submit a form for a timed-out session might require some additional cleverness, since some systems will discard the form when they navigate to the login page and some will just temporarily side-track it.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic