if you're moving form a secure login html page to a non secure one, session tends to get lost - at least on some servlet engines. zm.
-----Original Message----- From: A mailing list for discussion about Sun Microsystem's Java Servlet API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Anthony Diodato Sent: Wednesday, January 23, 2002 10:08 PM To: [EMAIL PROTECTED] Subject: Re: Question - Problem I encoded the url, now it is re-directing to the proper page, but the session I created is null. -----Original Message----- From: Richard Yee [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 23, 2002 3:05 PM To: [EMAIL PROTECTED] Subject: Re: Question - Problem Tony, See http://www.jspinsider.com/faq/32.view It answers the problem of "Why do I lose my session context when doing a response.sendRedirect()?" Answered by: Jayson Falkner Here's the text of the answer: Some browsers do not accept and handle cookies properly. When this happens the jspsessionid cookie may get lost and a new session will be started for the redirected browser. The common solution to this problem is to encode the URL before sending the response. Use response.sendRedirect(response.encodeRedirectURL("/example.jsp")), and substitute the correct resource for the redirect. So, try encoding your URL before you redirect. -Richard At 02:10 PM 1/23/2002 -0500, you wrote: >Hello All, > >Here is my scenario. >I have Tomcat 3.2.4 running on IIS 5.0 > >I have an html page as my entrance to the website. >(http://www.domainname.com/index.html) >On this site is a form to login, with you user name and password. > >When the user clicks submit, they get sent to a servlet that I wrote. >This servlet verify's their username and password, and should re-direct them >to a certain pace depending on who they are. >If I use response.sendRedirect(site); >it sends them to the right webpage, but it doesn't seem like the session is >created. > >I test the page to see if there is a valid session, and I get a Null >Pointer. >Here is what Im doing there. > >if (userSesson.getValue("userName") == null) { > // redirect them to login because the session isn't valid >} else { > // display the page.. >} > >If I use the rd.forward() method >they never get re-directed anywhere > > >Here is my doPost() code... > > String error = null, > site = ("/index.html"); > ServletConfig servletConfig = null; > ServletContext servletContext = null; > RequestDispatcher rd = null; > > public void doPost (HttpServletRequest request, HttpServletResponse >response) throws ServletException, IOException { > > // Get the current session object, create one if necessary > HttpSession userSession = request.getSession(true); > > if (Authenticate.verifyUsername(request.getParameter("userName"))) { > userSession.putValue("userName", >request.getParameter("userName")); > > if >(Authenticate.verifyPassword(request.getParameter("userName"), >request.getParameter("password"))) { > userSession.putValue("password", >request.getParameter("password")); > > if >(Customers.isAcclaim(request.getParameter("userName"))) { > if >(Customers.isWholesale(request.getParameter("userName"))) { > site = "/cocoon/choose.xml"; > } else { > site = "/cocoon/acclaim/index.xml"; > } > } else { > if >(Customers.isWholesale(request.getParameter("userName"))) { > site = "/cocoon/yCust/index.xml"; > } else { > site = "/cocoon/choose.xml"; > } > } > > } else { > error = "We could not match your Password with your >Username, Please re-enter your login information."; > userSession.invalidate(); > } > > } else { > error = "We could not verify your Username, Please re-enter >your login information."; > userSession.invalidate(); > } > > servletConfig = getServletConfig(); > servletContext = servletConfig.getServletContext(); > rd = servletContext.getRequestDispatcher(site); > > rd.forward(request, response); > } > > >What I want to do is this. >I want my servlet to re-direct them to the proper page while passing my >session to it, so I can verify it in my xml pages. > >Any thoughts would be greatly appreciated. >Thanks >Anthony > >Anthony Diodato >Webmaster - IT >Prophet 21, Inc. >19 West College Avenue >Yardley, PA 19067 >1-800-776-7438, ext. 4600 >Fax: 215-321-8014 >[EMAIL PROTECTED] >http://www.p21.com/ >Prophet 21 -- Powering the Distribution Industry for the Digital Age > >For the latest press releases from Prophet 21 -- >http://www.p21.com/press/press.html >* 2/12/2001 - Trading Partner Connect Offers Enterprise-to-Enterprise >(E2E) Commerce >* 2/9/2001 -- Prophet 21 CommerceCenter 8.0 is Now Available >* 2/9/2001 -- Prophet 21 Upgrades and Enhances Prophet 21 Acclaim >For the latest articles on Prophet 21 >http://www.manufacturing.net/magazine/id/archives/2001/ind010.02/techupdate . >htm >http://www.manufacturing.net/magazine/id/develop/techmain01.1.htm >http://www.manufacturing.net/magazine/id/archives/2000/ind1201/news.htm > > > > >Visit our website at http://www.p21.com/visit >The information in this e-mail is confidential and may contain legally >privileged information. It is intended solely for the person or entity to >which it is addressed. Access to this e-mail by anyone else is >unauthorized. If you are not the intended recipient, any disclosure, >copying, distribution, action taken, or action omitted to be taken in >reliance on it, is prohibited and may be unlawful. If you received this >e-mail in error, please contact the sender and delete the material from any >computer. > >___________________________________________________________________________ >To unsubscribe, send email to [EMAIL PROTECTED] and include in the body >of the message "signoff SERVLET-INTEREST". > >Archives: http://archives.java.sun.com/archives/servlet-interest.html >Resources: http://java.sun.com/products/servlet/external-resources.html >LISTSERV Help: http://www.lsoft.com/manuals/user/user.html ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html Visit our website at http://www.p21.com/visit The information in this e-mail is confidential and may contain legally privileged information. It is intended solely for the person or entity to which it is addressed. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution, action taken, or action omitted to be taken in reliance on it, is prohibited and may be unlawful. If you received this e-mail in error, please contact the sender and delete the material from any computer. ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
