Luther,
I use session tracking to secure a site. Below is a code snippet of my
implementation.

    // Fragment of an HttpServlet subclass; needs javax.servlet.* and
    // javax.servlet.http.*. These are servlet instance fields, so one copy
    // is shared by every request the servlet instance handles.
    private LoginPage anObj;
    private LoginFailurePage anotherObj;
    private HttpSession currSession;
    private boolean loginFailed = false;

    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException
    {
        currSession = req.getSession(false);
        if ( currSession == null || loginFailed )
        {
            currSession = req.getSession(true);
            anObj = new LoginPage(res); // This line displays my login page
            currSession.putValue("Userid", "UNKNOWN");
            currSession.putValue("Password", "UNKNOWN");
        }
        else
        {
            // getValue() returns Object, so cast before comparing
            if ( ((String) currSession.getValue("Userid")).compareTo("UNKNOWN") == 0 )
            {
                if ( anObj.Authenticate(req.getParameter("Userid"),
                                        req.getParameter("Password")) )
                {   // This user is authorized to use this site
                    currSession.removeValue("Userid");
                    currSession.removeValue("Password");
                    currSession.putValue("Userid",
                                         req.getParameter("Userid"));
                    currSession.putValue("Password",
                                         req.getParameter("Password"));
                    loginFailed = false;
                    // Do something useful here
                }
                else
                {
                    anotherObj = new LoginFailed(); // Display a login failure page
                    loginFailed = true;
                }
            }
            else
            {
                // Do some more useful stuff
            }
        }
    }

This is how I implement session tracking. Hope it helps.
One question I would have though. Is it necessary to worry about thread-safe
techniques when using an HttpSession object? If so can someone please explain why?
Thanks,
Trevor
Luther Andal wrote:
> I would be very interested in how everyone is Tracking Sessions....
<snip>
>
>
> Thanks,
>
> Luther
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
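
Added example, not part of the original message or of any project's code: the flow of the snippet above reduced to plain Java, with a Map standing in for each user's HttpSession and one Handler object standing in for the servlet instance the container shares across requests. It shows what a failure flag kept in an instance field, like loginFailed above, does to another user's session, next to a variant that keeps the flag in the session; Handler, handle and aliceAfterBobFails are hypothetical names.

```java
import java.util.HashMap;
import java.util.Map;

// Constructed model, no servlet container needed: a Map plays one user's
// HttpSession, a Handler plays the single shared servlet instance.
class SharedServletStateDemo {

    static class Handler {
        private final boolean flagInSession; // true: keep the flag per session
        private boolean loginFailed;         // instance field: one copy for all users

        Handler(boolean flagInSession) { this.flagInSession = flagInSession; }

        String handle(Map<String, Object> session, String userid, boolean passwordOk) {
            boolean failed = flagInSession
                    ? Boolean.TRUE.equals(session.remove("loginFailed"))
                    : loginFailed;
            if (session.isEmpty() || failed) {      // no session yet, or a failed login
                session.put("Userid", "UNKNOWN");
                return "login page";
            }
            if ("UNKNOWN".equals(session.get("Userid"))) {
                if (passwordOk) {                   // stands in for Authenticate(...)
                    session.put("Userid", userid);
                    return "content";
                }
                if (flagInSession) session.put("loginFailed", Boolean.TRUE);
                else loginFailed = true;
                return "login failure page";
            }
            return "content";                       // already authenticated
        }
    }

    // Alice logs in, Bob then fails a login; report what Alice's next request gets.
    static String aliceAfterBobFails(Handler servlet) {
        Map<String, Object> alice = new HashMap<>(), bob = new HashMap<>();
        servlet.handle(alice, "alice", true);   // first hit: login page
        servlet.handle(alice, "alice", true);   // credentials accepted
        servlet.handle(bob, "bob", false);      // first hit: login page
        servlet.handle(bob, "bob", false);      // credentials rejected
        return servlet.handle(alice, "alice", true) + ", Userid=" + alice.get("Userid");
    }

    public static void main(String[] args) {
        System.out.println("flag in instance field: " + aliceAfterBobFails(new Handler(false)));
        System.out.println("flag in session:        " + aliceAfterBobFails(new Handler(true)));
    }
}
```

With the flag in the instance field, Alice's next request is sent back to the login page and her Userid is reset to UNKNOWN; with the flag in the session, her request still reaches the content.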