No its completely different. Unlike the sample JSP code you included we do
not verify the user on
subsequent pages, you rely on the fact that you have already assigned a
unique session code
to the session and have presumably authenticated the user, therefore all
you need to do is check
if the user has an existing valid session that you made, if yes then
proceed with the processing
of subsequent pages, if not then show a log-on page.
You can have something like this:
HttpSession websession = request.getSession(true);
if (websession.getValue("mywebsession")==null || websession.isNew())
{
//Check User Code or page.
}
else
{
//Process other pages...
}
There is no race condition issue at all.
json
At 06:46 PM 12/18/01 -0800, you wrote:
>I'm pretty sure that this is the same thing I described you just wrote all
>the servlet code yourself instead of having the jsp engine do it for
>you. That still leaves the ugly and race condition problems I
>described. Am I wrong?
>
>-Cavan
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
