RE: Tomcat to read cookies on session start?
On Thu, 15 Nov 2001, Deacon Marcus wrote:
Date: Thu, 15 Nov 2001 06:52:57 +0100
From: Deacon Marcus [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: RE: Tomcat to read cookies on session start?
Hi,
-Original Message-
From: Jeremy Pierson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 4:52 AM
To: [EMAIL PROTECTED]
Subject: Tomcat to read cookies on session start?
I need to create a new object and load it into the session attributes
whenever a new session is created. To make this more interesting, this
object needs to check for information stored in a cookie sent by the
browser (stored from a prior visit) and fetch any related information
from a database.
I can use a HttpSessionListener to create an object and add it to the
session whenever a new session is created, but the SessionListener (and
the Session it gives access to) do not give access to an
HttpServletRequest object. So how can I check for cookies or even the
RemoteUser? These two required resources ARE available in the
HttpServletRequest object, but there is no means of getting to that
object from an HttpSessionListener, is there?
Is a servlet Filter my only option? I'm running Tomcat 4.0.1.
In case you're wondering, I don't want to *require* users to login to
make these saved settings available, if they choose to use cookies.
They are only required to login to perform tasks that modify certain
data, or read restricted information.
Many thanks in advance!
-jeremy-
IMO the best option would be to create a filter checking if(
session.isNew() ) { doSomething(); }. Of course, that'd make it 2.3-only.
BTW, that's a very good point - when session is created, it's created
because of an incoming request, so it would be a nice addition something
like HttpSessionEvent.getRequest() to get the request causing session's
creation in HttpSessionListener.sessionCreated()? Anyone working on Servlets
2.4 specs here, what do you think?
More precisely, a session is created because the application told it to --
by calling request.getSession() -- not because the request happened to
come in. I would put the cookie-reading logic in the same place that the
session-creation logic lives.
Greetings, deacon Marcus
Craig
--
To unsubscribe: mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Tomcat to read cookies on session start?
On Thursday, November 15, 2001, at 12:49 PM, Craig R. McClanahan wrote:
On Thu, 15 Nov 2001, Deacon Marcus wrote:
Date: Thu, 15 Nov 2001 06:52:57 +0100
From: Deacon Marcus [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: RE: Tomcat to read cookies on session start?
Hi,
-Original Message-
From: Jeremy Pierson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 4:52 AM
To: [EMAIL PROTECTED]
Subject: Tomcat to read cookies on session start?
I need to create a new object and load it into the session attributes
whenever a new session is created. To make this more interesting,
this
object needs to check for information stored in a cookie sent by the
browser (stored from a prior visit) and fetch any related information
from a database.
I can use a HttpSessionListener to create an object and add it to the
session whenever a new session is created, but the SessionListener
(and
the Session it gives access to) do not give access to an
HttpServletRequest object. So how can I check for cookies or even the
RemoteUser? These two required resources ARE available in the
HttpServletRequest object, but there is no means of getting to that
object from an HttpSessionListener, is there?
Is a servlet Filter my only option? I'm running Tomcat 4.0.1.
In case you're wondering, I don't want to *require* users to login to
make these saved settings available, if they choose to use cookies.
They are only required to login to perform tasks that modify certain
data, or read restricted information.
Many thanks in advance!
-jeremy-
IMO the best option would be to create a filter checking if(
session.isNew() ) { doSomething(); }. Of course, that'd make it
2.3-only.
BTW, that's a very good point - when session is created, it's created
because of an incoming request, so it would be a nice addition
something
like HttpSessionEvent.getRequest() to get the request causing session's
creation in HttpSessionListener.sessionCreated()? Anyone working on
Servlets
2.4 specs here, what do you think?
More precisely, a session is created because the application told it
to --
by calling request.getSession() -- not because the request happened to
come in. I would put the cookie-reading logic in the same place that
the
session-creation logic lives.
*Any* jsp page or servlet can cause a new session, so you'd have to put
this logic in *all* of them -- or use a filter (which I have), or
rewrite your own Catalina classes to pass the HttpServletRequest object
to the HttpSessionListener.
A session listener is the ideal choice for implementing logic that you
want to occur regardless of which page/servlet triggered the session's
creation.
I am currently using a filter to accomplish this, but it requires a more
code and checking. Also, once the user *does* authenticate, these
variables must be reloaded (in case the user logged out and back in as
somebody else). An AuthenticationListener would also be very helpful.
Otherwise, I'm back to using filters, or writing a new Authenticator. I
have *NO* problems with the FormAuthenticator that ships w/ Tomcat, but
it'd be nice if I could have it call some other components to do a few
things after the session has been authenticated.
-jeremy-
Greetings, deacon Marcus
Craig
--
To unsubscribe: mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]
--
To unsubscribe: mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Tomcat to read cookies on session start?
Hi,
-Original Message-
From: Jeremy Pierson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 4:52 AM
To: [EMAIL PROTECTED]
Subject: Tomcat to read cookies on session start?
I need to create a new object and load it into the session attributes
whenever a new session is created. To make this more interesting, this
object needs to check for information stored in a cookie sent by the
browser (stored from a prior visit) and fetch any related information
from a database.
I can use a HttpSessionListener to create an object and add it to the
session whenever a new session is created, but the SessionListener (and
the Session it gives access to) do not give access to an
HttpServletRequest object. So how can I check for cookies or even the
RemoteUser? These two required resources ARE available in the
HttpServletRequest object, but there is no means of getting to that
object from an HttpSessionListener, is there?
Is a servlet Filter my only option? I'm running Tomcat 4.0.1.
In case you're wondering, I don't want to *require* users to login to
make these saved settings available, if they choose to use cookies.
They are only required to login to perform tasks that modify certain
data, or read restricted information.
Many thanks in advance!
-jeremy-
IMO the best option would be to create a filter checking if(
session.isNew() ) { doSomething(); }. Of course, that'd make it 2.3-only.
BTW, that's a very good point - when session is created, it's created
because of an incoming request, so it would be a nice addition something
like HttpSessionEvent.getRequest() to get the request causing session's
creation in HttpSessionListener.sessionCreated()? Anyone working on Servlets
2.4 specs here, what do you think?
Greetings, deacon Marcus
--
To unsubscribe: mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]
