Your problem might be that you create your own HttpSession in your
verifyuser servlet. What do you do with it? A HttpServer is already created
for you and is send to your servlet in the HttpServletRequest parameter. To
get that session, use
request.getSession ();
That should be the session object that's send around from servlet to servlet
as the clients surfs your webserver.
Hope that helps,
Arjan Houtman
Antares Informatisering
[EMAIL PROTECTED]
>I'm testing session tracking & cookie on two different browsers (IE 4 and
>Netscape 4.5)
>
>I have a scenario like this :
>User access the main.html (this html contains a form asking for
>username and password).
>When the submit button clicked, the form is posted to verifyuser servlet.
>If username with that password exists, the verifyuser servlet will
>*create* a HttpSession. <I print the SessionId ... say "ABCD">
>
>Then the control is transferred to lobby servlet <I use
>resp.sendRedirect(lobbyURL)>
>
>I also anticipate the possibility user directly type the lobbyURL (with
>the necessary GET parameters) on his browser....By trapping on the
>service(req,resp) method of lobby servlet.
><
> HttpSession session = req.getSession(true)
> //here i want to check the sessionId
> System.out.println(session.getId());
> //
> if(session.isNew()){
> session.invalidate();
> resp.sendRedirect(mainhtmlURL);
> }else{
> super.service(req,resp)
> }
>>
>
>The problem is (If using IE 4): the sessionId of session that was created
>by verifyuser servlet, *is not the* same with the sessionId that I get in
>service method of lobby servlet <ABCD =/= WXYZ>
>
>I do not understand this, the tutorial says that every single user have a
>*single* session, that can be *shared* among servlets.
>
>I can draw a conclusion that : IE 4 will create a *new*/*separate* request
>upon accepting SEND REDIRECT response header <the final effect is
>creating a new & different session>
>Is that correct ?
>
>I do not experience this problem if I use Netscape 4.5....
>
>It's really annoying, since I rely on that session tracking mechanism for
>securing my system <from witched users, ya just like above : they type
>directly the servlet URL>
>
>How to correct this problem ?
>Is there any other way of invoking another servlet from a servlet ?
>(Until now, I only know one : sendRedirect)
>
>Thanks a lot for your helps
>
>-raka-
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
