I don't think check on the session being new is a good way to authenticate.
You should be relying on the presence of some token in the session that
indicates that the user has already gone through the login process which you
put there after they have.
Do you want to use forward? or redirect? I think you want to redirect the
user to the login page and redirect the user from the login page to their
desired page if they get the login right.
I have a question.
You can change the root servlet class of any JSP page correct? So if you
want to have secure pages. Can you abstract the login functionality in a
parent servlet class of all JSP pages that require login and make this class
their root servlet class?
ie. use the extends attribute of the page directive to point to a servlet
which authenticates all it's _eventual_ servlet sublasses pages?
> -----Original Message-----
> From: A mailing list about Java Server Pages specification and reference
> [mailto:[EMAIL PROTECTED]]On Behalf Of Cokorda Raka Angga
> Jananuraga
> Sent: Friday, June 23, 2000 6:31 PM
> To: [EMAIL PROTECTED]
> Subject: Simple question 'bout session
>
>
> Hi guys,
>
> Here's the short description of my problem :
> I have two jsp : login.jsp & service.jsp
>
> User must pass the screening which is done by login.jsp before he
> can access service.jsp.
> If user try to access service.jsp directly, he will be bounced
> (forwarded) to login.jsp.
>
> So, It's time to use session.
> Page directive in login.jsp =
> <%@ .... session="false" %>
> And page directive in service.jsp =
> <%@ .... session="true" %>
>
> In service.jsp, I put this code to detect any attempt to "break
> in" by the user :
> <%
> if(session.isNew()){
> %>
> <jsp:forward page="login.jsp" />
> <%
> }
>
> In login.jsp, there is simple database query, to check the
> username and password entered by user. If found, another query
> will fetch some relevant info about that user, to be put in the
> session. So the code would be like this :
> <%
> //sql query
> ...
> //here's the interesting part.
> //Since the reference to implicit object session is not
> avalaible within login.jsp, I have to make one
> HttpSession session = request.getSession(true);
> //then I put some user info, like user_id & user_fullname
> in that newly created session
> ...
> //Now, I'm expecting the session implicit object which
> will be avalaible within service.jsp will refer to that newly
> created session above.. Is that correct ?
> //Now, let's take the user to service.jsp
> %>
> <jsp:forward page="service.jsp" />
>
> The result :
> I got a request phase error.
> After some tracking, I can conclude that the error is in
> service.jsp. I make this call in service.jsp :
> Hello <%= session.getValue("user_fullname") %> !
>
> I think, session is null.
> Umm, wait, maybe the return value of getValue("user_fullname") is
> null. Which means...the session in service.jsp != session that I
> created in login.jsp (???).
> Well, I'm not sure by the time I'm writing this email.
>
> Either case : I got NullPointerException.
>
> Where did I do wrong guys ?
> Once with servlet, everything worked fine. I'd never ran into
> this kind of trouble.
>
> Thanks for your helps...
> I really appreciate it
>
> -raka-
>
>
> Send FREE Greetings for Father's Day--or any day!
> Click here: http://www.whowhere.lycos.com/redirects/fathers_day.rdct
>
> ==================================================================
> =========
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
