Problems in managing sessions

 
Greenhorn
Dear colleagues,

OK, here goes my first post in this forum....

I'm new to Java development and I'm trying to develop an application in which I have to manage sessions to check the user's login prior to access to a set of JSP pages. I'm breaking my head with session management and I can't identify the session that I previously created in a servlet. I mean, I have a servlet in which I check the user name and password and once the user has been validated, I include the user name in a session variable.

My problem is that in the JSP pages or filters I access after the user has been validated by the servlet, I cannot identify the variable I set in the servlet. When I do HttpSession sesion = request.getSession, I always get a different session ID. I extracted the following piece of code from the servlet in which I validate the user credentials:



So far everything works fine. The user credentials are checked correctly and the variable "usuario" is included in the session if everything ran OK; otherwise, the variable "mensaje" is set up.

I created a filter to check if the user has been validated before loading the next JSP Page. The code is shown below.



Although the variable "usuario" already exists, the filter does not recognize it and therefore redirects me to the login page "/Acceso/Acceso.jsp".

Please could you help me to find out where the errors are? I guess it will be easy to find out, but as mentioned I'm quite new in Web development....

Many thanks in advance everybody.

Kind regards.

Likos.

 
Marshal
Is your filter configured to fire even for the request that does the login logic? If so, the filter is checking before the value can be set into the session.

I also recommend a fair amount of code cleanup. All those checks for the null session can either be eliminated (are you ever really going to have a null session?) or at least consolidated to one place.

Also storing the password unencrypted and fetching it for comparison is not good security. You should be storing a hashed password, and just using a count fetch to see if a record with the encrypted value exists or not. That's also more efficient.
 
Likos Anthropous
Greenhorn
Dear Bear,

Thank you very much for your very useful advice. Regarding the filter problem, I found out where the problem was.
As you all may know, the session values are kept for a concrete application. As I did not have all the servlets and JSP pages yet integrated into the same application, the scopes of the sessions were different. But, OK this was finally sorted.

You’re right Bear, I’m pretty sure that the code could be very much improved, anyway this is not yet the definitive version as I included some code just for testing…

I’ll take your consideration about the way of storing and comparing passwords, with which I strongly agree. Thanks very much for it.
Sorry for having posted the code without any indentation, I was not aware of a way for a better presentation…

Kind regards and thanks again.


 