You are right, this is not very efficient. I strongly suggest using
servlets. If you do, you can place all the user info you could possibly
need in an HttpSession.

You can in fact create a new session after authentication. You can also
create a class containing the attributes you want to save on each session
(e.g. name, address, sex, access code etc.).

For example:

         // This is your function to verify the user against your DB.
         if (CheckUser(loginname, password))
         {
                 HttpSession websession = request.getSession(true);

                 // Sessions is a user-made class that contains the
                 // methods and properties you want the session to have.
                 Sessions thissession = new Sessions();

                 // 30 minutes
                 websession.setMaxInactiveInterval(1800);

                 String sessid;

                 // Just replace this method with one of yours.
                 sessid = GenericTools.generateRandomSessionCode(25);

                 // setAttribute/getAttribute replace the deprecated putValue/getValue.
                 websession.setAttribute("mysession", thissession);
                 ((Sessions) websession.getAttribute("mysession")).setSessionCode(sessid);
                 ((Sessions) websession.getAttribute("mysession")).setName(loginname);
         }


Getting information from your session is equally easy:

                 HttpSession websession = request.getSession(true);
                 if (websession.getAttribute("mysession") != null)
                 {
                         login_name = ((Sessions) websession.getAttribute("mysession")).getName();
                 }

Of course your Sessions class must have the setSessionCode, setName and 
getName methods.

Hope this helps.

json


At 05:41 PM 12/18/01 -0800, you wrote:
>If anyone solves this it would be a great help to me as well.  I am 
>currently using a clumsy work around that doesn't always work.
>
>I have a User object that contains a lot of information about the users 
>that could be very useful on various pages.  I'd like to simply fill this 
>object and add it to the session upon authentication for later use.  I 
>haven't found a way to do that yet.
>
>My work around is to do a pageContext.include() of a jsp that does the 
>following on every page.
>
>     String name = request.getRemoteUser();
>     User user = (User)session.getAttribute("USER_OBJECT");
>     if(name!=null&&user==null) {
>         user = User.getUserByName(datasource, name);
>         session.setAttribute("USER_OBJECT", user);
>     }
>
>This has two problems though.
>1) It's a waste of time to have to do this on every page.
>2) It can create a race condition if the page it's included in needs to use 
>the User object immediately.  If I do the following the User object 
>generally ends up being null.
>
>     pageContext.include("login.jsp");
>     User user = (User)session.getAttribute("USER_OBJECT");
>
>I think the ability to do this properly would be a great help to a lot of 
>people and contribute to cleaner and faster servlet and jsp applications.
>Being able to specify a method that takes the username and password to be 
>run on successful authentication would do it.
>
>-Cavan
>
>----- Original Message -----
>From: "Jon Weinberg" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Tuesday, December 18, 2001 4:08 PM
>Subject: Session
>
>
>I am running Tomcat 4.0 with form-based authentication.  I would like to 
>add some user-specific variables into the session as soon as the user logs 
>in (that is, as soon as the user logs in, I want to get the username from 
>the form, use it to query my DB, put some results into the user's session, 
>and have the user continue on to the page he originally requested.)
>
>I have tried a number of solutions that don't work:
>
>1) I've tried having the login form's action send the info to a servlet 
>that does the processing and then forwards the request to 
>"j_security_check", but that solution only works in 3.2 and not in 4.0
>
>2) I have attached an HttpSessionListener, but since the session is 
>created before the user actually logs in, my listener does not yet have 
>the username and cannot complete the preprocessing.
>
>Is there a way for me to execute something right AFTER a user authenticates?
>
>Thanks,
>Jon
>
>
>
>--
>To unsubscribe:   <mailto:[EMAIL PROTECTED]>
>For additional commands: <mailto:[EMAIL PROTECTED]>
>Troubles with the list: <mailto:[EMAIL PROTECTED]>
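
An added example, not code from anyone in this thread or from Tomcat: one way to run per-user setup right after container-managed authentication is a Servlet 2.3 Filter that fills the session attribute on the first authenticated request. `UserSessionFilter`, `UserProfile` and `loadProfile` are hypothetical names; `USER_OBJECT` is the attribute name used in the quoted message, and the `javax.servlet` API is assumed to be on the classpath.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: runs on every mapped request, but loads the profile only on
// the first authenticated request of a session, or when the principal changes.
public class UserSessionFilter implements Filter {
    static final String KEY = "USER_OBJECT"; // attribute name from the thread

    /** Hypothetical profile holder; it carries no password or other credential. */
    public static class UserProfile implements java.io.Serializable {
        final String name;
        UserProfile(String name) { this.name = name; }
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // Identity comes from the container's login, never from a form parameter.
        String name = http.getRemoteUser();
        if (name != null) {
            HttpSession session = http.getSession(true);
            // Best effort: the spec does not promise one HttpSession object per
            // session, so the worst case under concurrency is a duplicate load.
            synchronized (session) {
                UserProfile cached = (UserProfile) session.getAttribute(KEY);
                // Reload if the session was reused by a different principal.
                if (cached == null || !name.equals(cached.name)) {
                    session.setAttribute(KEY, loadProfile(name));
                }
            }
        }
        // The target page runs only after the attribute is in place.
        chain.doFilter(req, res);
    }

    /** Hypothetical lookup; replace with the real DB query keyed on the username. */
    protected UserProfile loadProfile(String name) {
        return new UserProfile(name);
    }
}
```

The filter has to be declared in web.xml and mapped to the same URL pattern as the security constraint, so that it sees the request the container serves after a successful login.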

