"Wang, Dapeng" wrote:
> Hi,
>
> what is the best way to do session validation? If a session times out, all
> objects bounded with this session get deleted. So every JSP or servlet must
> check whether a valid session is available. Where should this checking
> occur. In JSP Model2 it is easy to do the session validation in the central
> controller servlet. But I don't like the big if else queries to determine
> the iew page. Somebody posted a solution which handles the session
> validation in a super class of all JSPs or servlets. Is that the best way to
> solve this problem?
>
Why do you need a big "if .. else if" construct in Model2? The approach I take is
to use the path information part after the servlet path, and look up the
appropriate processing class in a Hashtable that is configured in the
initialization of the servlet. That way, there is no code change to the
controlling servlet when you add new processing options.
This approach has been discussed many times (with code examples) previously on the
JSP-INTEREST and SERVLET-INTEREST mailing lists.
>
> Another problem is if I hit a link and my session is timed out. I have to
> reenter my user and password. If I want to continue with my old request, a
> mechanism must be available to memorize and forward the old request, Is
> there any standard way to handle this problem?
>
There is nothing in the servlet API standard, because this is an application
specific issue. However, if you use the "model 2" approach, it's pretty easy to
save the request parameters in the newly created session before you proceed to the
login page. Then, if the login page finds that your username and password are
valid, it can check for the existence of the saved request information, and
proceed to complete that request. (Servlet containers that implement the 2.2 API
specification can do this for you using the "form login" based security
authentication.).
>
> regards
> Dapeng
>
Craig McClanahan
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
