Thanks Peter. I guess I have to take the alternate approach then . Sudhanshu ----- Original Message ----- From: "Peter Huber" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, November 27, 2001 1:45 PM Subject: Re: Session Management in JSP Application
> Currently you use the session as a isLogedIn-flag. > If you use the servlet containers security mechanism then: > 1.You can bundle all your jsp/servlets into a resource collection and > restrict access to this resources by roles. All your jsp's then can be > session="true" jsp's, because if the container let's you access any of > them then it's guranteed that you are loged in. > 2.You can specify your own login jsp and deploy it in web.xml. In that > case you must use predefined form names for username and pwd. (think > it's specified in jsp spec) > > The only drawback with that approach is, that you MUST use the > containers security implementation. Take tomcat 3.2.x for instance. You > must choose between the simple user.xml file or a db-table (both must > be configured in server.xml, interceptors section, example is given > there) > > Ok that was many words for simply saying: let the servlet container > take care about seesions and don't worry about them yourself. > > One thing for tomcat 3.x (is it true for 4.x also?): If you want to > avoid sessions because you observed that response time with sessions on > is slow then this is due to the fact that session ids are generated > with a secure random generator. This generator needs some seconds to > generate the very 1st number, but later on it's fast. So every time > you start your servlet-container the first call of any user with > session on takes unusually long. > > Peter > > ___________________________________________________________________________ > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff SERVLET-INTEREST". > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > Resources: http://java.sun.com/products/servlet/external-resources.html > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
