On Wed, 23 Jun 1999, Arjan Houtman wrote:
> Your problem might be that you create your own HttpSession in your
> verifyuser servlet. What do you do with it? A HttpServer is already
> created for you and is send to your servlet in the
> HttpServletRequest parameter. To get that session, use
>
> request.getSession ();
But they are doing that -- the above line (which is only available in
JSDK 2.1 compliant servlet engines) is equivalent to:
request.getSession(true);
Here's a thought: Is it possible that you have cookies disabled in
your IE?
> >I'm testing session tracking & cookie on two different browsers (IE 4 and
> >Netscape 4.5)
> >
> >I have a scenario like this :
> >User access the main.html (this html contains a form asking for
> >username and password).
> >When the submit button clicked, the form is posted to verifyuser servlet.
> >If username with that password exists, the verifyuser servlet will
> >*create* a HttpSession. <I print the SessionId ... say "ABCD">
> >
> >Then the control is transferred to lobby servlet <I use
> >resp.sendRedirect(lobbyURL)>
> >
> >I also anticipate the possibility user directly type the lobbyURL (with
> >the necessary GET parameters) on his browser....By trapping on the
> >service(req,resp) method of lobby servlet.
> ><
> > HttpSession session = req.getSession(true)
> > //here i want to check the sessionId
> > System.out.println(session.getId());
> > //
> > if(session.isNew()){
> > session.invalidate();
> > resp.sendRedirect(mainhtmlURL);
> > }else{
> > super.service(req,resp)
> > }
> >>
> >
> >The problem is (If using IE 4): the sessionId of session that was created
> >by verifyuser servlet, *is not the* same with the sessionId that I get in
> >service method of lobby servlet <ABCD =/= WXYZ>
> >
> >I do not understand this, the tutorial says that every single user have a
> >*single* session, that can be *shared* among servlets.
> >
> >I can draw a conclusion that : IE 4 will create a *new*/*separate* request
> >upon accepting SEND REDIRECT response header <the final effect is
> >creating a new & different session>
> >Is that correct ?
> >
> >I do not experience this problem if I use Netscape 4.5....
> >
> >It's really annoying, since I rely on that session tracking mechanism for
> >securing my system <from witched users, ya just like above : they type
> >directly the servlet URL>
> >
> >How to correct this problem ?
> >Is there any other way of invoking another servlet from a servlet ?
> >(Until now, I only know one : sendRedirect)
> >
> >Thanks a lot for your helps
> >
> >-raka-
>
Milt Epstein
Research Programmer
Software/Systems Development Group
Computing and Communications Services Office (CCSO)
University of Illinois at Urbana-Champaign (UIUC)
[EMAIL PROTECTED]
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
