Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Old session value in captcha  RSS feed

 
Ankit Tripathi
Ranch Hand
Posts: 199
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

I have a registration JSP for for user which has to be submitted once captcha image content is validated with content entered in corresponding text field. Captcha is coming as image response from a servlet when JSP is being invoked.Captcha string is converted to a javascript object using GSON and stored in session scope and being compared with entered text in textfield.I am able to generate captcha image successfully over JSP but values in session scope and entered text for captcha string are not being matched and I am seeing that old value for cpatcha String is still there in session scope(which was there in session scope before refreshing captcha image).

Codes for captcha servlet and JSP have been given below :

CaptchaServlet.java




register.jsp

 
K. Tsang
Bartender
Posts: 3624
16
Firefox Browser Java Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't think putting the captcha string in session scope is a good idea. The request scope is more appropriate.

Also when the page is validated/ reloaded and the captcha changes, is the CaptchaServlet triggered?

Since you are using javascript to validate the captcha, you may want to use a hidden variable to store this generated string in the jsp. Then when page reload, this hidden variable gets updated as well (assuming the CaptchaServlet is triggered).
 
Ankit Tripathi
Ranch Hand
Posts: 199
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Tsang,

Thanks for your reply.

I don't think putting the captcha string in session scope is a good idea. The request scope is more appropriate.

I tried to put captcha string in request scope instead of session scope and tried to do response.sendRedirect() and RequestDispatcher.forward() but I got below exception :

java.lang.IllegalStateException: Response already committed

Which I think due to - Response is already dispatched in form of image to JSP.What is the reason for putting captcha string in request and what mistake I am committing.

Also when the page is validated/ reloaded and the captcha changes, is the CaptchaServlet triggered?

"
Yes, CaptchaServlet is being triggered as I can see a new captcha string on every page refresh or on click of "refresh" image.

Since you are using javascript to validate the captcha, you may want to use a hidden variable to store this generated string in the jsp. Then when page reload, this hidden variable gets updated as well (assuming the CaptchaServlet is triggered).


Could you please give an example of this.




 
K. Tsang
Bartender
Posts: 3624
16
Firefox Browser Java Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Right then you can't put the captcha in the response scope. So leave it in session.

The hidden variable can be used in your JSP like this:


Then in your javascript just getElementById("toCheckCaptcha") to get the session's value and compare it with the user's input (capi)

My syntax may be a bit off but you get the idea.
 
Ankit Tripathi
Ranch Hand
Posts: 199
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I tried to access captcha string value in EL like below but value of hidden variable in javascript is coming null.



javascript




 
K. Tsang
Bartender
Posts: 3624
16
Firefox Browser Java Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ankit Tripathi wrote:
var secCode = document.getElementById("code").innerHTML;



Why use innerHTML? Does value give you the hidden's value?

document.getElementById("code").value
 
Ankit Tripathi
Ranch Hand
Posts: 199
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Tsang,

Now I can see the value of hidden variable in alert box but it's coming as old session value.

For example previously captcha string in session was "1se492" and after I refreshed the captcha and it changed to "1vcosp" now after entering "1vcosp"when I am clicking "submit" button, Value entered in text box is correctly popping up in alert but value of hidden variable is coming wrong(old value - 1se492) in alert hence both are not matching.
 
K. Tsang
Bartender
Posts: 3624
16
Firefox Browser Java Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well you mentioned the CaptchaServlet is called during refresh. The session attribute needs to be re-set.

After the page loads, view the source code to check the captcha hidden value. If this is not updated, you will need to find out why the servlet is called but session attribute not updated.
 
Ankit Tripathi
Ranch Hand
Posts: 199
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Session value in hidden field is being updated but always previous request value is coming in it.Not able to figure out why...
 
K. Tsang
Bartender
Posts: 3624
16
Firefox Browser Java Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yet your println statement in your Servlet is the new value? But the JSP isn't?

Is the JSP 1) a redirect or 2) forwarded page or 3) direct link from another JSP using CaptchaServlet?
 
Ankit Tripathi
Ranch Hand
Posts: 199
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Tsang,

1.Yes.

2.CaptchaServlet is called as image source in register.jsp for which URL mapping in web.xml is given as "captcha".

 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!