Re: session information!!!

Fernando Salazar Wed, 03 May 2000 06:20:27 -0700
> Tell me do you use Cookie's or Hidden forms or URL rewriting for maintain
> sessions??
>
> I ask this question to help solve a problem of my own!
>
> Vinod

The basic way to do this is given below. (Please don't send me follow-up
questions
on the details.  If this doesn't make sense, I suggest you get a basic book
on
servlets and review session handling)

1) All pages in your application have to have something like this at the
top:

        <%
                if ( session.isNew() )
                {
                        response.sendRedirect( response.encodeRedirectUrl( 
"/login.jsp" ) );
                        return;
                }

                if ( null == session.getValue( "username" ) )
                {
                        response.sendRedirect( response.encodeRedirectUrl( 
"/login.jsp" ) );
                        return;
                }
        %>

If the session object has just be created, or if there is not a valid
username stored
in the session, they will be re-directed to the login page.

2) Your "login.jsp" has to present a form that gets username, password, etc.
Also,
check the session object for an error-message, eg:

        <%
                String  emsg;

                emsg = session.getValue( "errormessage" );
                if ( null != emsg )
                {
                        out.println( "<br><b>" + emsg + "</b><br>" );
                }
        %>

3) Make the <FORM> action in login.jsp something like "checklogin.jsp".
In checklogin.jsp, do the following:

        <%
                boolean loginOk = false;
                String  username = null;

                // put your own code to check the POSTed username, password

                if ( loginOk )
                {
                        session.putValue( "username", username );
                        response.sendRedirect( response.encodeRedirectUrl( 
"/memberpage.jsp" ) );
                        return;
                }
                else
                {
                        session.putValue( "errormessage", "Username/password is 
invalid." );
                        response.sendRedirect( response.encodeRedirectUrl( 
"/login.jsp" ) );
                }
        %>

That's all there is to it -- the servlet/JSP engine will (or should) handle
all the
mechanics of re-writing Urls to include session identifiers if needed.  If
you want to use
hidden fields, you need to write your own code to create, save and access
sessions.

- Fernando

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
Re: session information!!!

Reply via email to
