Thanks Trevor,
This however is a Servlet Engine specific implementation and either uses a
persistent cookie or if cookies are not accepted uses URL rewriting. The
project that I am working on does not have the option to use either of these
methods, which I believe leaves me with a hidden fields solution or a sessionID
in the URL (a form of URL rewriting) . This is the implementation I am most
interested in to see how developers have developed around this solution. Thanks
for your input though, there are many people who probibly could use the code you
provided.
Luther
Trevor Stewart <[EMAIL PROTECTED]> on 05/19/99 01:27:07 PM
Please respond to "A mailing list for discussion about Sun Microsystem's Java
Servlet API Technology." <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: (bcc: Luther Andal/Avnet)
Subject: Re: Session Tracking
Luther,
I use session tracking to secure a site. Below is a code snippet of my
implementation.
private LoginPage anObj;
private LoginFailurePage anotherObj;
private HttpSession currSession;
private boolean loginFailed = false;
protected void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException
{
currSession = req.getSession(false);
if ( currSession == null || loginFailed )
{
currSession = req.getSession(true);
anObj = new LoginPage(res); // This line displays my
login page
currSession.putValue("Userid", "UNKNOWN");
currSession.putValue("Password", "UNKNOWN");
}
else
{
if ( currSession.getValue("Userid").compareTo("UNKNOWN")
==
0 )
{
if (
anObj.Authenticate(req.getParameter("Userid"), req.getParameter("Password")) )
{ // This user is authorized to use this
site
currSession.removeValue("Userid");
currSession.removeValue("Password");
currSession.putValue("Userid",
req.getParameter("Userid"));
currSession.putValue("Password",
req.getparameter("Password"));
loginFailed = false;
// Do something useful here
}
else
{
anotherObj = new LoginFailed();
//
Display a login failure page
loginFailed = true;
}
}
else
{
// Do some more useful stuff
}
}
This how I implement session tracking. Hope it helps.
One question I would have though. Is it necessary to worry about thread-safe
techniques when using an HttpSession object? If so can someone please explain
why?
Thanks,
Trevor
Luther Andal wrote:
> I would be very interested in how everyone is Tracking Sessions....
<snip>
>
>
> Thanks,
>
> Luther
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
