Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to validate user's session while accessing other pages?

 
Viswa Rama
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi I have 2 servlets, Authentication Servlet and Application Servlet. I am checking user credentials against active directory (LDAP). Upon successful login attempt, user is redirected to the right welcome page. In the welcome page, I have a form with a submit button. When the user submits the form, it will hit the Application Servlet's doPost(). My question is, how will i check if the user's session is active before serving the form request?

I only have the session object available in Authentication Servlet, but my application Servlet does not know about it. Do i need to maintain any persistance in my code apart from the HttpSession's API? Can someone help me?

Thanks
 
Tim Moores
Bartender
Posts: 2854
46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
An HttpSession is valid and accessible for all servlets that are part of the same web app, not just the one that started it. Have you tried accessing the session from the other servlet?
 
Viswa Rama
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim,

Thanks for your quick reply and it was a good piece of information.

I am able to see the session object in the other servlet. So the httpsession's scope is across webapp, not just servlet cool.

Thank you so much.
 
Amit Ghorpade
Bartender
Posts: 2854
10
Fedora Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Viswanadh Ramadugu wrote:Tim,

So the httpsession's scope is across webapp, not just servlet cool.


This statement is a bit confusing because yes, the session object is accessible for all the resources that the web-app has. But that does not mean that scope of the session is same as the application scope.
The session object is destroyed with the session. Also there are multiple session objects which are mutually exclusive. That means if I store a certain value in one user's session object, I cannot access it from other user's session object.
Both the above mentioned things can be done by a application context object, which has the widest scope in the web-app.
 
Viswa Rama
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Amith,

I am in the page same page. May be my wordings are little amateur. Your explanation gives a lot of clarity though.

Thank You
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic