So, I *do not* need to create a session ? (Because the session is
automatically created on the first time request is accepted by the web
server ? But at this point, the user *is not joined* to the session ?)
So, how to explicitly *join* a user to a session ? (Until the user join
the session, session.isNew() always returns true ?)
[Sorry, each sentence ended with a ?. I need your opinion, maybe I
misunderstood some / more points on session tracking]
Is session tracking behavior different from one servlet engine to the
other servlet engine ? If yes, how to get around this incompatibility ?
Session tracking & cookie is the only section in Java Tutorial I haven't
passed up to this moment. Please help me...
And where can I find, a *real good* articles on session tracking and
cookie (with servlet) ? In my harddisk, there are doc from jsdk, doc from
java webserver 1.1.3, doc from jigsaw, and java tutorial....
But their explanations are very much alike...
And where can I find articles on making a secure and foolproof servlet
based web-app ? (For example, I want to avoid user pressing
back/forward/refresh button or calling a servlet from browser's history).
Thanks a lot for your helps
-raka-
java really piss me off
But I (guess) am already addicted to it...
(uppsss, too late...)
On Wed, 23 Jun 1999, Arjan Houtman wrote:
> >> >When the submit button clicked, the form is posted to verifyuser
> servlet.
> >> >If username with that password exists, the verifyuser servlet will
> >> >*create* a HttpSession. <I print the SessionId ... say "ABCD">
> >>
> >> Your problem might be that you create your own HttpSession in your
> >> verifyuser servlet. What do you do with it? A HttpServer is already
> >> created for you and is send to your servlet in the
> >> HttpServletRequest parameter. To get that session, use
> >> request.getSession ();
> >
> >But they are doing that -- the above line (which is only available in
> >JSDK 2.1 compliant servlet engines) is equivalent to:
>
>
> What I understood from the original post (as quoted above), is that they
> created a HttpSession object of their own.
>
>
> Arjan Houtman
> Antares Informatisering
> [EMAIL PROTECTED]
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
