Hmm.... normally the pattern is that someone accesses your controller servlet which handles the request and then you forward the request to the .jsp page which provides the view response.
Also, you don't need to use the session for this. Just add the information to the request using request.setAttribute() and then obtain that data in your view by request.getAttribute().
I'm really a bit confused by your approach here. It seems backards.
Jake
At 07:03 PM 6/3/2003 -0300, you wrote:
1 - What is the "correct url"? The right url (example: http://userip/tomcatappdirect/first.jsp) which generated a http request to my servlet. This way, the user cant directly reach my servlets. So, i guess i can create a session in my JSP FORM like this:
HTTPSession se = request.getSession(true); se = req.setAttribute ("idsessionconnection", session.getId());
and then, retrieve it in the destination servlet: ... HTTPSession session; String sValue = session.getId(); String id = (String) request.getAttribute("idsessionconnection"); if (sValue.equals(id)){ ...
So, the question is: since you know my needs, is the above code right? If yes, it solve the item 2 too. Regards, Euclides.
-----Mensagem original----- De: Jacob Kjome [mailto:[EMAIL PROTECTED] Enviada em: terca-feira, 3 de junho de 2003 18:29 Para: Tomcat Users List Assunto: Re: RES: Best Practice: choose between SessionCookie or just Session
At 04:04 PM 6/3/2003 -0300, you wrote: >Jacob and James, >thanks a lot for your attention!I just need 2 things: >1 - find out who generated the http request , so i could compare it against >the correct url.
What is the "correct url"? You have some application logic that I am not aware of. I can't really help you out until you detail what you mean here.
>2 - to avoid direct http request ( i.e, from browser ), so i would create a >session id in the prior JSP and then, search for it into my servlet ( the >destination ). Is it clear?
What do you mean "avoid a direct http request"? What is your purpose here? I'm afraid it isn't very clear.
Jake
>Regards, >Euclides. > > > >-----Mensagem original----- >De: Jacob Kjome [mailto:[EMAIL PROTECTED] >Enviada em: terca-feira, 3 de junho de 2003 12:19 >Para: Tomcat Users List >Assunto: Re: Best Practice: choose between SessionCookie or just Session > > > >I think you are mixing concepts together. The session cookie simply >provides an id that uniquely points to a session. This can also be >replaced using URL rewriting of the session id. You don't directly >manipulate the session id. This is handled by the container. You just >grab a session and start adding stuff to it and reading stuff from it. > >If you are talking about a "remember me" feature, you could place a cookie >on the client which is completely and utterly separate from the session >cookie which stores some information about how to automatically re-log in >without user intervention. > >I think the latter is what you are looking for. > >Jake > >At 11:48 AM 6/3/2003 -0300, you wrote: > >Hi , friends. This is a important best practice question for me. My project > >has a web form which is showed and filled ( by the user) after an external > >authentication process. The question is: should i generate a session Cookie > >that will be recovered by my following servlet or just generate any session > >parameter ( which will be recovered later too ), since i guess i only need > >to control the whole internal process. > >Thanks in advance, > >Euclides. > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
