Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Passing a session from a servlet to a JSP

 
Ranch Hand
Posts: 141
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Greetings all,

I'm building a webapp using JSP/sessions/servlets. The webapp will have dozens of concurrent users logged in.

login.jsp gets called from a link on the webapp's home page and contains a form that calls servlet process_login.java .
process_login.java uses the username/passwd info from the form to validate against a database and if valid creates a session and stores some values in it:



Questions: What should I put in myapp_mail.jsp and/or process_login.java so that myapp_main.jsp finds the session corresponding to the person who just logged in? Does this question make sense? If a new session is created for each valid user there could be dozens of sessions floating around - how would myapp_main.jsp know which one to find and then how would it grab that session?

Comments/hints/suggestions/constructive critisism/links/examples are all welcome.

TIA,

Still-learning Steve


 
Bartender
Posts: 4179
22
IntelliJ IDE Python Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You should google for JSP Session Management to learn a lot of details but basically:

1) When a session is created, the next response to the client sends a Cookie with a unique ID for the session for that client
2) When the client sends each new request from then on, it includes the same Cookie with the session ID for its intended Session
3) Part of the pre-processing of the request done by the server is to find that Cookie with ID and associate the proper Session with the request.

So what do you have to do? Really nothing except call request.getSession() or use the scope=session attribute in tags as appropriate.

But like I said, google for session management to learn more - and what to do to prevent clients that have Cookies turned off from breaking.
 
Stuart Rogers
Ranch Hand
Posts: 141
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OK, I can google for that. I'm striving hard to not make use of cookies. Another way might be for process_login.java to create a Bean, but again how would myapp_main.jsp know which Bean (well, instance of Bean to use?

I'll check on this in a few hrs time, gotta run. Thanks for your input.


Still-learning Steve
 
Steve Luke
Bartender
Posts: 4179
22
IntelliJ IDE Python Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Stuart Rogers wrote:OK, I can google for that. I'm striving hard to not make use of cookies. Another way might be for process_login.java to create a Bean, but again how would myapp_main.jsp know which Bean (well, instance of Bean to use?

I'll check on this in a few hrs time, gotta run. Thanks for your input.


Still-learning Steve



Do the google for Session Management. You should find links for 'URL Re-writing', which appends the session id to the end of the URLs as special information. If you plan on not using cookies then this is your only choice.
 
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Stuart Rogers wrote:OK, I can google for that. I'm striving hard to not make use of cookies.

I smell a misunderstanding.

The application server actually makes use of a cookie to make session tracking possible without URL rewriting. Only and only if the client doesn't support cookies, the application server will switch to URL rewriting (jsessionid will be added to the request URL). This way the server will still be able to track the client session.

At any way, to get straight on your question "Passing a session from a servlet to a JSP": the HttpSession is implicitly already available in JSP EL in the form of ${pageContext.session} and its attributes by ${sessionScope.attributeName} or just ${attributeName}.

I would also rather collect all User specific properties together in one User class which you can store as one session attribute, instead of spreading them all out as loose session attributes.
 
Steve Luke
Bartender
Posts: 4179
22
IntelliJ IDE Python Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bauke Scholtz wrote:
The application server actually makes use of a cookie to make session tracking possible without URL rewriting. Only and only if the client doesn't support cookies, the application server will switch to URL rewriting (jsessionid will be added to the request URL). This way the server will still be able to track the client session.



You can usually turn cookies off on the server side as well. For example on Tomcat you can set the Context's cookies attribute to false to force URL rewriting even if the client supports cookies.
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sure. But based on the the knowledge level of the topicstarter I donĀ“t think that he actually turned off cookies on the server.
 
Stuart Rogers
Ranch Hand
Posts: 141
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I was able to get it all working, with a little help from google and my collegues here at JavaRanch.

Thanks to all that replied!

CASE CLOSED

Still-learning Stuart
 
It's hard to fight evil. The little things, like a nice sandwich, really helps. Right tiny ad?
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic