Posted to users@tomcat.apache.org by Jose Euclides da Silva Junior - DATAPREVRJ <Jo...@rj.previdenciasocial.gov.br> on 2003/06/04 02:07:03 UTC

RES: RES: RES: Best Practice: choose between SessionCookie or just Session

Jake,
my jsp app (named nivel1.jsp) accesses my servlet (named BancoServlet.java)!

Take a look below at part of the jsp code - the IIS link redirects the
application to BancoServlet:


<%@ page contentType="text/html;charset=windows-1252" session="true" isErrorPage="true"%>
<HTML><HEAD><TITLE>Portal de boas dicas</TITLE>
<table width="100%" border="0">
    <tr>
      <td width="8%">
        <div align="center"><img src="images/01.gif" width="40" height="40"></div>
      </td>
      <td width="28%"><font size="1" face="Tahoma" color="#065ca5"><a
            href="nivel/default.htm" target="_parent"><b>Servidores
        de Aplica&ccedil;&atilde;o</b></a><br>
        <% session.setAttribute("idsessionconnection",session.getId());%>
        <a href="http://10.2.4.3:8994/Workspace2-SBPORCLE-context-root/BancoServlet">IIS</a>
....

Part of BancoServlet code is below:

package org.apache.commons.dbcp.jdbc2pool;
import localdobean.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.PrintWriter;
import java.io.IOException;
import java.io.*;
import java.util.Collection;
import java.util.ArrayList;
import java.sql.*;
import org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS;
import javax.sql.DataSource;

public class BancoServlet extends HttpServlet 
{
  private static final String CONTENT_TYPE = "text/html; charset=windows-1252";
  private DataSource ds;
  private String query;
  private Dica dica;
  public String topico;

  
  public void init(ServletConfig config) throws ServletException
  {
    super.init(config);
    ds = null;
    query = null;
    String origem = null;
    String valorcookie = null;
    String endorigem = null;
  }

  public void service(HttpServletRequest request, HttpServletResponse
response) throws ServletException, IOException
  {
    BeanPoolConnection bp = new BeanPoolConnection();
    ds = bp.conexao();
    //ds = bp.ds;
    //Connection con = null;
    //PreparedStatement pstmt = null;
    //ResultSet rs = null;
      response.setContentType(CONTENT_TYPE);
      String origem =  request.getHeader("referer");
      // testar sessao;
      HttpSession session = request.getSession(true);
      String sValue = session.getId();
      String id = (String) request.getAttribute("idsessionconnection");
      System.out.println ( "sValue " + sValue );
      System.out.println ( "id " + id );
      if ( id.compareTo(sValue) == 0 )
...
But I got null in the id field! That's my problem. I thought that I could
recover the session id generated when Nivel1.jsp ran. What should I do?
Thanks again,
Euclides.
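
An added example, not part of the original post or the poster's code, showing why `id` comes back null above: the JSP stores the value in session scope, while the servlet reads request scope, which a link click never fills. `GuardedServlet` is a hypothetical name, and the code assumes the JSP and the servlet are deployed in the same web application so that they share one `HttpSession`.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet (not the BancoServlet from the post). Assumes the JSP
// and this servlet live in the same web application and share one session.
public class GuardedServlet extends HttpServlet {
    // Attribute name taken from the JSP in the post.
    static final String MARKER = "idsessionconnection";

    // True only if the request carries a live session that the JSP marked.
    static boolean cameThroughJsp(HttpServletRequest request) {
        // getSession(false): never create a session for a direct request.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        // The JSP called session.setAttribute(...), so the value is in
        // session scope. request.getAttribute(...) is request scope: it is
        // filled only by a server-side forward or include, never by a link
        // click, which arrives as a brand-new HTTP request.
        Object marker = session.getAttribute(MARKER);
        // Calling equals() on the non-null id avoids a NullPointerException
        // when the marker is absent.
        return session.getId().equals(marker);
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (!cameThroughJsp(request)) {
            // No session or no marker: the JSP page was skipped.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        response.setContentType("text/html; charset=windows-1252");
        response.getWriter().println("<p>Session marker present.</p>");
    }
}
```

The `Referer` header read in the posted servlet is supplied by the client, so it cannot stand in for this server-side check.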







-----Original Message-----
From: Jacob Kjome [mailto:hoju@visi.com]
Sent: Tuesday, June 3, 2003 19:49
To: Tomcat Users List
Subject: Re: RES: RES: Best Practice: choose between SessionCookie or
just Session



Hmm.... normally the pattern is that someone accesses your controller 
servlet which handles the request and then you forward the request to the 
.jsp page which provides the view response.

Also, you don't need to use the session for this. Just add the information 
to the request using request.setAttribute() and then obtain that data in 
your view by request.getAttribute().

I'm really a bit confused by your approach here. It seems backwards.

Jake

At 07:03 PM 6/3/2003 -0300, you wrote:
>1 - What is the "correct url"? The right url (example:
>http://userip/tomcatappdirect/first.jsp) which generated a http request to
>my servlet. This way, the user can't directly reach my servlets. So, I guess
>I can create a session in my JSP FORM like this:
>
>HTTPSession se = request.getSession(true);
>se = req.setAttribute ("idsessionconnection", session.getId());
>
>and then, retrieve it in the destination servlet:
>...
>HTTPSession session;
>String sValue = session.getId();
>String id = (String) request.getAttribute("idsessionconnection");
>if (sValue.equals(id)){ ...
>
>So, the question is: since you know my needs, is the above code right?
>If yes, it solves item 2 too.
>Regards, Euclides.
>
>
>-----Original Message-----
>From: Jacob Kjome [mailto:hoju@visi.com]
>Sent: Tuesday, June 3, 2003 18:29
>To: Tomcat Users List
>Subject: Re: RES: Best Practice: choose between SessionCookie or just
>Session
>
>
>
>At 04:04 PM 6/3/2003 -0300, you wrote:
> >Jacob and James,
> >thanks a lot for your attention! I just need 2 things:
> >1 - find out who generated the http request, so I could compare it against
> >the correct url.
>
>What is the "correct url"?  You have some application logic that I am not
>aware of.  I can't really help you out until you detail what you mean here.
>
> >2 - to avoid direct http request (i.e., from browser), so I would create a
> >session id in the prior JSP and then search for it in my servlet (the
> >destination). Is it clear?
>
>What do you mean "avoid a direct http request"?  What is your purpose
>here?  I'm afraid it isn't very clear.
>
>Jake
>
> >Regards,
> >Euclides.
> >
> >
> >
> >-----Original Message-----
> >From: Jacob Kjome [mailto:hoju@visi.com]
> >Sent: Tuesday, June 3, 2003 12:19
> >To: Tomcat Users List
> >Subject: Re: Best Practice: choose between SessionCookie or just Session
> >
> >
> >
> >I think you are mixing concepts together.  The session cookie simply
> >provides an id that uniquely points to a session.  This can also be
> >replaced using URL rewriting of the session id.  You don't directly
> >manipulate the session id.  This is handled by the container.  You just
> >grab a session and start adding stuff to it and reading stuff from it.
> >
> >If you are talking about a "remember me" feature, you could place a cookie
> >on the client which is completely and utterly separate from the session
> >cookie which stores some information about how to automatically re-log in
> >without user intervention.
> >
> >I think the latter is what you are looking for.
> >
> >Jake
> >
> >At 11:48 AM 6/3/2003 -0300, you wrote:
> > >Hi, friends. This is an important best practice question for me. My project
> > >has a web form which is shown and filled (by the user) after an external
> > >authentication process. The question is: should I generate a session Cookie
> > >that will be recovered by my following servlet or just generate any session
> > >parameter (which will be recovered later too), since I guess I only need
> > >to control the whole internal process.
> > >Thanks in advance,
> > >Euclides.
> > >
> > >---------------------------------------------------------------------
> > >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org