> -----Original Message-----
> From: A mailing list for discussion about Sun Microsystem's Java Servlet
> API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of
> Shital Kanitkar
> Sent: Saturday, 23 September 2000 4:10
> To: [EMAIL PROTECTED]
> Subject: Maintaining session (passing cookie!) between Servlet and
> Applet
>
>
> Hello,
>
> Let me start by saying, I am new to servlets(started just last
> week). I have
> searched the archives on this topic, and did find the trail, but to no
> definite conclusion. Someone suggested that the book by Jason Hunter would
> have a solution, but I checked up yesterday with no success. In
> fact all the
> sources that I have checked, merely mention HTTP tunneling, but avoid the
> session issue. Core Servlets (by SUN!!!) also avoid the topic(i.e.
> Maintaining session (passing cookie!) between Servlet and Applet).
>
> I am using a three tier architecture of Applet ---> Servlet ---> JDBC.
> To connect between Applet - Servlet, I use URLConnection.openConnection(),
> setRequestProperty("CONTENT_TYPE", "application/octet-stream"),
> ObjectOutputStream, and writeObject to pass the serialized object.
>
> I need to know how to maintain a session between an Applet and Servlet. In
> my case, the user logs in and the system allows him features as per his Id
> an administrator will have more features than an ordinary user for e.g.)
>From my testing in a non-plugin applet environment I think that the cookie
is not intercepted by the browser and that you have to get it out of the
headers yourself.
I can't remember the exact header field to look in though (Anyone?). A big
plus is
that the cookie can be retrieved even if the user has cookies turned off in
the
browser.
>
> One thought that comes to mind is, since I am using Applet, I have live
> objects which can maintain such status can I not? i.e. I can have
> an Object
> called User in my Applet with Name, Password, STATUS_LOGGED and privilege
> level as members. after logging in, this user object will be passed to the
> servlet. The servlet validates the user, and sets the privilege level and
> STATUS_LOGGED. The servlets can access this object (obviously by
> the Applet
> sending it) to determine the access level. Is this plausible, and
> are there
> any drawbacks to this?
This is the way I went, I have a session ID that is plugged into each
message
by the communication layer. On the server side this ID is used to look up a
'session' object in a hashtable. It is a bit of work but the advantage is
that the communications is not tied to the applet / servlet architecture.
Our comms. layer lets us use HTTP tunnelling or RMI or direct (same JVM)
communications (this last one is great for debugging!).
>
> If not, what is the best method to use. Please help, I am desperate.
>
> Thanks,
> -Shital
>
Hope this helps,
Rob Griffin
Quest Software
E-mail: [EMAIL PROTECTED]
Web site: http://www.quest.com
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
