"Imam, Asim, CFCTR" wrote:
> Hi Folks,
>
> I finally have done developing a JSP query application. I need ur experts
> advice on the following code I have written that hopefully I havent written
> anything illegal(in terms of designing this thing) or if it is a poor/good
> way of doing things in JSP environment.
>
> Greatly appreciate any help..thanx in advance
>
As you might imagine, there is lots of room for variation in designs like this.
The following comments reflect my own personal design preferences more than any
issue of being "good" or "bad".
When looking at your login bean, it seems to me that you are combining two
conceptual objects that have both different lifetimes and different numbers of
occurrences:
* A mechanism to utilize a database of some sort
to validate username/password combinations
(one instance needed, shared across the entire
application for its entire life).
* A mechanism to record the fact that a particular
user has logged on at a particular moment and
created a particular session (one instance per
session required, should go away when the session
is invalidated or times out).
In my designs, I use an application-scope bean for the first requirement, so that
any servlet or JSP page in the app that needs access to the database can do so.
(In my apps, this object is in fact a JDBC connection pool). It is initialized
when the app starts up, and finalized when the app shuts down.
When users actually log on, I create an object (in my apps it is also called
LoginBean) that is stored with session scope, instead of application scope. This
avoids any requirement for me to create internal hashtables to keep track of
multiple sessions -- the server is doing that for me already because it keeps the
individual sessions in some sort of a collection like this.anyway. When the user
logs off, the session is invalidated and any objects in it (including the
LoginBean) are removed and made available for garbage collection. If you need to
do any application level cleanup, having this kind of LoginBean implement
HttpSessionBindingListener is a useful strategy.
Using this technique, I can also use the *absence* of a LoginBean object with
session scope as an indication that one of the following things happened:
* The user's session has timed out, so a new one was
created for me (because I said session=true in the
page directive). The new session will have no session
scope objects any more.
* The user followed a hyperlink to a page in the middle
of my app, trying to bypass the login form.
In either case, the action I take is to forward the user to my login form.
Craig McClanahan
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
