I have a login form whose action is "ProcessLogin.jsp". That page validates the username and password against a database, and if successful it stuffs my valid User object into an App object, and that App object already exists as a session var (by virtue of <jsp:useBean>).
Then all my pages <%@ include file="LoginCheck.jsp" %>, which checks the App object to see if it has a valid User object, and if so, it then checks to see if that user is a member of a group that has access to the current page. It's a little complicated, but it seems to work well when cookies are enabled.
With cookies DISabled, it appears that my session scope App bean is being recreated because the session isn't sticking. In my logs I see the session ID to be one thing, and then on the next page I see a totally different session ID. Incidentally, if I should be seeing a session ID in the URL, I'm not.
Am I going about it completely wrong?
MT
Shapira, Yoav wrote:
Howdy,
Q1 - I'm looking for pointers to examples or documents. I see where the spec requires that capability, but I don't know the correct way to exercise it. Does it just mean that I wrap every <form action=""> url and every response.sendRedirect() with encodeUrl()?
No, you don't need to worry about it. The server rewrites the URL automatically.
Q2 - If you go to http://mycompany.com/index.jsp, you see "Welcome Guest". As a very simple example, I want
http://mycompany.com/johnsmith
to become something like http://mycompany.com/portal.jsp?username=johnsmith. Then when John Smith uses his special URL, he'll see "Welcome John Smith". I can do everything but the automagic URL mapping. It would be good enough just for the URL to be rewritten to the second one above, but the ultimate would be for the URL to remain in the simple form first listed.
The Apache URL rewriter is excellent for this. But you can do it in tomcat-standalone as well, with a filter as I mentioned. Map the filter to /*. Have the filter inspect the request URI and convert /x to /portal.jsp?username=x unless x is in a set of resources (probably obtained from ServletContext#listResourcePaths or whatever that method is called).
Yoav Shapira
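A sketch of the filter described in the reply above, added here as an illustration and not code from either poster. The class name `VanityUrlFilter`, the username pattern and the `javax.servlet` API level are assumptions; the filter is assumed to be mapped to `/*` in web.xml.

```java
import java.io.IOException;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;

// Added example: serves /<name> as /portal.jsp?username=<name> via an internal forward.
public class VanityUrlFilter implements Filter {
    // Assumption: usernames are 3-32 characters of letters, digits, '_' or '-'.
    // The allowlist also rejects '/', '.', '%', '&' and '=' before the name reaches the query string.
    private static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9_-]{3,32}");
    private ServletContext ctx;

    @Override
    public void init(FilterConfig cfg) {
        ctx = cfg.getServletContext();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // Path relative to the webapp, e.g. "/johnsmith"
        String path = http.getRequestURI().substring(http.getContextPath().length());
        String name = candidate(path);
        if (name != null && !isRealResource(name)) {
            // A forward (not a redirect) keeps the short URL in the browser.
            req.getRequestDispatcher("/portal.jsp?username=" + name).forward(req, res);
            return;
        }
        chain.doFilter(req, res); // real resources and malformed names pass through untouched
    }

    // Returns the single path segment if it is a well-formed username, else null.
    static String candidate(String path) {
        if (path == null || path.length() < 2 || path.charAt(0) != '/') return null;
        int semi = path.indexOf(';'); // drop a ";jsessionid=..." suffix from URL rewriting
        String seg = path.substring(1, semi >= 0 ? semi : path.length());
        return USERNAME.matcher(seg).matches() ? seg : null;
    }

    // True when the webapp root already contains a file or directory with this name.
    private boolean isRealResource(String name) {
        Set<String> roots = ctx.getResourcePaths("/");
        return roots != null && (roots.contains("/" + name) || roots.contains("/" + name + "/"));
    }

    @Override
    public void destroy() { }
}
```

Because a filter mapped without a `<dispatcher>` element only sees REQUEST dispatches, the forward to `/portal.jsp` does not pass through this filter a second time.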
