Hi,
try to take this code in your baseclass (assuming the name ist MyServlet) of all
your servletclasses. The performRequest-method must be called directly from the
doPost ()-Method.
If you are using only one (Dispatcher-)Servlet, you have to work out the
Requests from the Login-Page and to react on a Login (via Database or in any
other way). The generated HTML-Page in this Code-Segment must have the tag
containing .
If you are using on the other hand more Servlets derived from this baseclass,
especially one Servlet to every HTML-Page, the generated HTML-Page in this
Code-Segment must have the tag containing . So you can handle the Login in an own Servlet. After
succesful login you should redirect your application to your first Page. In this
way, you give the user the Startup-Page, which is directly connected to your
LoginServlet. Any illegal try of a user, to call an Servlet directly via URL in
your browser will be automatically directed to your Login.
A nice thing is a Logout-Handler on (every) Page. All you have to do is to
generate a "LOGOUT"-Button in your HTML-Stream and if pressed, you destroy the
session via invalidate ()..
class MyServlet
{
..
protected void performRequest (final HttpServletRequest roRequest,
final HttpServletResponse roResponse)
PrintWriter oOutput = roResponse.getWriter (); // get a
HTML-Stream
HttpSession oSession = roRequest.getSession (false); // try to get an
exisiting session
if (oSession != null)
{
// OK, the user is being connected for the n-th time
// this method is yours !!! You get the request, the response, the
actual user-session and the html-stream, where you put in your generated
html-code
performTask (roRequest,
roResponse,
oOutput,
oSession);
}
else
{
// no session, no cookie, some reasons :
// - the user tries to connect the first time
// - the session have been invalidated by tomcat
// - you are using a clustered webserver and your first server have
been fallen down and your failover system takes control.
// so the session data on the first system is been lost. now you
have to login again (like a connection on the first time)
// you can't distinguish the reasons !!!
// get a fresh session, without any attribute-data
oSession = roRequest.getSession (true);
// write your Errormessage (like above) into the HTML-Stream and
create a Login-Screen
oOutput.println (" .. . " + YOUR_ERRORMESSAGE + YOUR_LOGIN_SCREEN + " .
");
// now the generated HTML-Page will be sent back to your browser and
the user must login or leave !
}
}
venkatesan <[EMAIL PROTECTED]> am 15.02.2001 14:01:08
Bitte antworten an [EMAIL PROTECTED]
An: [EMAIL PROTECTED]
Kopie: (Blindkopie: Ralf Bode/13/LBSH/DE)
Thema:Re: Antwort: session creation?
Hi Antwort ,
Thanx a lot for ur help.. Now i am able to create new session and if i not
perform any operations in that page on the specified time. that page is not
comming
and if i click refresh button new page is comming... Well But my
problem is while i entering into my web page the first screen is blank in the
same
way while the page is expired after the particular time if i click any link that
page also blank... can u give me some tips so that while i am entering my
web-page it should not come blank and it the same way after the page expired,
some
message should come...
Thanx in advance
cheers
venkatesh
[EMAIL PROTECTED] wrote:
> Hi,
> to create a user-session you may try the following code in the doGet
> (...)/doPost (...) - handling-Methods :
>
> HttpSession oSession = roRequest.getSession (false); // try to get an
> exisiting session
>
> if (oSession != null)
> {
> // OK, anyone is been connected for the n-th time
>
> // continue
> performTask ()
> }
> else
> {
> // - user tries to connect the first time, no cookie on the client
> -> no session
> // - sessiontimeout, all userdata are lost
> // this behaviour occurs too if you use an clustered webserver
since
> all sessiondata residents only on one machine (!!!)
> // you can't determine, why the session is invalid
> oSession = roRequest.getSession (true); // get a new session
> without any attributes in
>
> // perhaps an errormessage or a login-handling or both
> } :
>
> All user-sessions will be invalidated by tomcat automatically. The timeout is
> defined in the WEB.XML in your %TOMCAT_HOME%/conf - Directory. Out-of-the-box
> this parameter is initialized with 30. This means, aft