Customize JSESSIONID info

 
Greenhorn
Posts: 10
I want to store the username in JSESSIONID but I don't know how to do it. This is a school project so I need to do it; I know it's not recommended.
This is the way I start and end the session; give me feedback if there is a better way. (I'm using Spark as the framework.)

/start/



/end/


 
Sheriff
Posts: 7125
Well, from the little you've given us, I would guess something like this:
 
Saloon Keeper
Posts: 27762

Knute Snortum wrote: Well, from the little you've given us, I would guess something like this:



WRONG!!!

You don't own jsessionid. The server owns it. A web application should never mess with or cache jsessionid (it can change without warning). Nor should a web client. The jsessionid is passed to the client in a cookie and should be returned with a cookie on the next submit (which most clients do automatically anyway), but the response might contain a completely different jsessionid for the next request to use.

NO SERVICEABLE PARTS INSIDE.

The jsessionid contains absolutely no data about the session or the client. It is simply a semi-randomly generated value created by the web application server as a key for the server's internal Map of HttpSession objects. It's used by the server to look up the HttpSession that corresponds to the submitter so that the server can distinguish between one user and another. It should not be used for any other purpose. And, repeating myself, the server can and often will change this key to a completely different value while a session is active.

If you want to pass data from your webapp to a web client and back again, use a regular cookie. DON'T use jsessionid. You have been warned!

Oh, and incidentally, if you are using the J2EE/JEE standard container security system to handle logins (and you almost always should), then your login userid can be determined by the web application at any time by using the request getRemoteUser() method.
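
An added illustration of the server-side lookup described in the answer above (not part of the original thread, and not code from Tomcat, Jetty or Spark): a simplified pure-JDK model of a session table. The class and method names are hypothetical and the username is a constructed sample; the point is that the username lives in the server-side map while the id is only a random key that the server may replace.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model of a container's session table (hypothetical, not real container code).
public class SessionTableDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // session id -> server-side attributes; the id itself carries no data
    private final Map<String, Map<String, Object>> sessions = new ConcurrentHashMap<>();

    private static String newId() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    /** Creates an empty session and returns the opaque id that goes into the cookie. */
    public String create() {
        String id = newId();
        sessions.put(id, new ConcurrentHashMap<>());
        return id;
    }

    /** Looks up session data by the id the client sent back; null if unknown. */
    public Map<String, Object> lookup(String id) {
        return id == null ? null : sessions.get(id);
    }

    /** Re-keys a session, as a container may do after login; data is kept, old id dies. */
    public String rotate(String oldId) {
        Map<String, Object> data = sessions.remove(oldId);
        if (data == null) throw new IllegalStateException("no such session");
        String id = newId();
        sessions.put(id, data);
        return id;
    }

    public void invalidate(String id) { sessions.remove(id); }

    public static void main(String[] args) {
        SessionTableDemo server = new SessionTableDemo();
        String cookie = server.create();                 // first response sets the cookie
        server.lookup(cookie).put("username", "alice");  // constructed sample user
        String newCookie = server.rotate(cookie);        // server replaces the id
        System.out.println("old id still valid: " + (server.lookup(cookie) != null));
        System.out.println("username via new id: " + server.lookup(newCookie).get("username"));
        server.invalidate(newCookie);                    // logout
        System.out.println("after logout: " + server.lookup(newCookie));
    }
}
```

Anything that cached the old id, or tried to read data out of it, stops working after `rotate`, while the attribute stored on the server side survives.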
 
Nikola Mis
Greenhorn
Posts: 10
Thank you, that did help a lot Tim.
 