We had this problem with a project we worked on with NES 3.6 SP3. Basically
you're going to have to store session data in some other manner (e.g. your
database).
We used cookies to store an identifier (String username), which you can
relate to objects in your custom session data store. These methods (which
we placed in our base servlet for convenience) might get you started.
They don't address your security concerns, however. For that you could
perhaps set the cookie each time to an encrypted timestamp.
Incidentally, here's a JSDK 1.0.1 reference:
http://falconet.inria.fr/~java/classes/JSDK1.0.1/doc/apidoc/packages.html
// This package is available in NES 3.6 SP3's .jar file
import sun.servlet.http.*;
/**
* Sets the user currently logged in.
*/
protected void setCurrentUser(HttpServletResponse response, String
username) throws IOException
{
if(username == null)
throw new IllegalArgumentException("Cannot set current user to
null.");
if(response == null)
throw new IllegalArgumentException("Cannot set current user
for a null
HttpServletResponse.");
// Create a client-side cookie to store the username.
Cookie usernameCookie = new Cookie(USER_COOKIE_NAME, username);
// Make sure the cookie expires when the client closes the browser.
usernameCookie.setMaxAge(-1);
usernameCookie.saveCookie( response );
}
/**
* Returns the currently logged in username. Checks the cookies sent
* by the client; if the username cookie is set, the value is returned.
* Otherwise, <code>null</code> is returned.
*/
protected String getCurrentUser(HttpServletRequest request)
{
Cookie[] cookies = Cookie.getCookies( request );
// If there are no cookies, no user is logged in.
if(cookies == null)
return null;
Cookie cookie;
// Loop through the cookies looking for the one with the proper name.
for(int num = 0; num < cookies.length; num++)
{
cookie = cookies[num];
if(cookie != null)
{
String name = cookie.getName();
if(name != null && name.equals( USER_COOKIE_NAME ))
{
// We found a cookie with the correct name.
// Return its value as the user name.
return cookie.getValue();
}
}
}
return null;
}
Michael
-----Original Message-----
From: A mailing list for discussion about Sun Microsystem's Java Servlet
API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of John
Studdert
Sent: Wednesday, August 30, 2000 11:47 AM
To: [EMAIL PROTECTED]
Subject: Webserver too old for HttpSession
Hi,
I need HttpSession for saving state across servlets for a project.
However, the company webserver is Netscape Enterprise 3.6 SP2, which doesn't
support JSDK2.0, which apparently includes the HttpSession class. This is a
big problem for us - can anyone recommend another way of tracking session
across servlets? We've been using hidden form fields to get around the
problem of remembering what user is logged in, but this is limited and we
can't see any reasonably secure way of passing state between servlets. Any
suggestions/help would be greatly appreciated!
John
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
