hi Matthias,
Thanks for ur kind information.
Now i can safely pass param used for authentication.Thanks.
But i am facing another problem.In my second servlet there is a logout
button and i want to use it for deleting that particular session through
which the authentication happens. The problem is eventhough the users
logout , using bookmarks or the actual URL others can easily go to the
second servlet. I mean whenever user logs out i want to delete that
particular session .....using its session id or by anyother function .
Is there any function to kill or erase sessions. Evenafter going through
the Servlet API docs i couldn't find out one.
My logic is ---Whenever user calls second servlet from first servlet ,
it will pass sessinID through URL and userid and password as session
variables. And in second servlet i will receive the session id from URL
and check whether that particular session exists or not. (This method is
usefull to deny the access when people use BookMarks. ) And while
logging out from the second servlet i will kill that particular session
using the session id.
Is it possible . and what are the available functions .
Thanks
by pramod
Matthias Carlsson wrote:
> In your first servlet, where you gather the user information, the following
> code
> could be used (in your doGet()- or doPost()-method).
>
> HttpSession session = request.getSession(true);
> session.setAttribute("userid", new Integer(userID));
> session.setAttribute("password", password);
>
> getSession(true) indicates that a session for the user should be created if
> it
> doesn't exist; the following two lines add the user information to the
> session
> object. 'userID' is an int with the user's id, and 'password' (String)
> his/her password.
>
> Now, in your second servlet, do something like this to get the data.
>
> HttpSession session = request.getSession(true);
> int userID = ((Integer)session.getAttribute("userid")).intValue();
> int password = (String)session.getAttribute("password");
>
> For more information, just read the Servlet API documentation.
>
> [ Matthias Carlsson ]
> [ Programmer (Java, XML/XSL, CGI/Perl, HTML/JS) ] [ Web Designer ]
> [ E-Mail : [EMAIL PROTECTED] ] [ ICQ: 1430647 ]
>
>> -----Ursprungligt meddelande-----
>> Fran: A mailing list for discussion about Sun Microsystem's Java Servlet
>> API Technology. [mailto:[EMAIL PROTECTED]]For pramod
>> Skickat: den 20 januari 2001 07:08
>> Till: [EMAIL PROTECTED]
>> Amne: Tell me abt Session
>>
>>
>> hi
>>
>> i am calling a servlet form antthor servlet. Actully from the calling
>> servlet i am passing param to the second servlet. Here the first servlet
>> is used for Authentication and i am passing the userid and password to
>> the second servlet. But i think this is not a good practice to pass this
>> kind of parm through URL eventhough we uses encription technics. Can any
>> body explain how can i use Session to pass variables between servlets.
>> What are the issues while using Session mechanism.
>>
>> Thanks in adv.
>>
>> by
>> pramod
>>
>>
>> _________________________________________________________
>> Do You Yahoo!?
>> Get your free @yahoo.com address at http://mail.yahoo.com
>>
>> __________________________________________________________________
>> _________
>> To unsubscribe, send email to [EMAIL PROTECTED] and include
>> in the body
>> of the message "signoff SERVLET-INTEREST".
>>
>> Archives: http://archives.java.sun.com/archives/servlet-interest.html
>> Resources: http://java.sun.com/products/servlet/external-resources.html
>> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
>
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
