Hi,
On Wed, 11 Aug 1999, Alvaro Fuentes wrote:
> We are developing a group of servlets that need to share some info
> stored in a session. The first servlet creates the session and the other
> ones retrieve the info from that session. The problem is that those
> servlets which call
> req.getSession(false) seem to behave randomly: sometimes they get the
> session, sometimes they just return null. I think this is because of
> servlet-reloading when compiling: if we delete ALL servlets (.class),
> then compile and call servlets, there's no problem. But if we
> individually compile one servlet, this will not get the session info
> correctly.
> Is it possible?
> Any other possible cause?
> We're using JRun and Netscape Server.
>
> Thanks
This message is also a in attention for the API designers at
servletapi-feedback@
I would like the possibility to tell the servlet engine that one servlet
or a group of servlets (an webapp) needs a session to be already created
and confirmed by the browser, *before* any doGet() or doPost() within
these specific servlets is called.
Such a feature would save a lot of server-specific programming, from the
application developer. (check within all servlets if there is a session ,
if not, redirect to a login servlet or what, but what should I do when
user accessed another servlet before, and so on..)
Such servlets can be marked either by servlet developers through empty
interfaces (like an RequiresSessionModel interface ) or by deployers
through configuration parameters in servlet engines (a "NeedsSession"
flag, similar to "LoadOnStartup" flags used in some servlet engines).
Other specific servlets also would be nice to have: Those that tell the
servlet engine about how sessions should be created -
"SessionCreateServlet":
these create sessions and eventually authenticate users, within
an web application's boundaries.
Developers should not need to check login conditions and redirect to
such servlets in all other servlets they write.
It would be cleaner if no such specific treatments were needed within
web applications, and being able to tell the servlet engine that
the same servlet (login servlet) must be called for any request
within an application, if no session is opened.
this way some advantages would be achieved:
- enforcing some sort of application flow - the "login sevlet" handles
also the initialisation required at session level, populating
sessions with attributes needed by all other servlets.
Others servlets will not need to allways check (and populate) the
session's atributes for application specific data,
(like handles to connection pools or template-engines,
or user specific informations)
- sepparates from server-type logic (authentication, initialisations)
and normal application logic. Application will not need to care
about how the authentication servlet is called (its URI),
or how it works.
Developers should focus better either on applications themselves
or server-level services they want to add.
- Reusability of "SessionCreate" servlets within more than one
application.
In general server-side service developer should be able to add
capabilities to existing servlet engines - custom authentication
is a good example.
Even more, such a service should enable him even to take control on
what some standard API calls should retorn, like telling the
engine "ask me what you must return when you-re required to tell the
getRemoteUser() "
-------------------------------------------------------------------------
Thanks
Cezar Totth.
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
