Tomcat to read cookies on session start?

[Jeremy Pierson <jp...@isolvetechnologies.com>]

I need to create a new object and load it into the session attributes 
whenever a new session is created.  To make this more interesting, this 
object needs to check for information stored in a cookie sent by the 
browser (stored from a prior visit) and fetch any related information 
from a database.

I can use a HttpSessionListener to create an object and add it to the 
session whenever a new session is created, but the SessionListener (and 
the Session it gives access to) do not give access to an 
HttpServletRequest object.  So how can I check for cookies or even the 
RemoteUser?  These two required resources ARE available in the 
HttpServletRequest object, but there is no means of getting to that 
object from an HttpSessionListener, is there?

Is a servlet Filter my only option?  I'm running Tomcat 4.0.1.

In case you're wondering, I don't want to *require* users to login to 
make these saved settings available, if they choose to use cookies.  
They are only required to login to perform tasks that modify certain 
data, or read restricted information.

Many thanks in advance!

-jeremy-

--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

Re: Tomcat to read cookies on session start?

[Jeremy Pierson <jp...@isolvetechnologies.com>]

On Thursday, November 15, 2001, at 12:49 PM, Craig R. McClanahan wrote:

>
>
> On Thu, 15 Nov 2001, Deacon Marcus wrote:
>
>> Date: Thu, 15 Nov 2001 06:52:57 +0100
>> From: Deacon Marcus <de...@wwtech.pl>
>> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
>> To: Tomcat Users List <to...@jakarta.apache.org>
>> Subject: RE: Tomcat to read cookies on session start?
>>
>> Hi,
>>
>>> -----Original Message-----
>>> From: Jeremy Pierson [mailto:jpierson@isolvetechnologies.com]
>>> Sent: Thursday, November 15, 2001 4:52 AM
>>> To: tomcat-user@jakarta.apache.org
>>> Subject: Tomcat to read cookies on session start?
>>>
>>>
>>> I need to create a new object and load it into the session attributes
>>> whenever a new session is created.  To make this more interesting, 
>>> this
>>> object needs to check for information stored in a cookie sent by the
>>> browser (stored from a prior visit) and fetch any related information
>>> from a database.
>>>
>>> I can use a HttpSessionListener to create an object and add it to the
>>> session whenever a new session is created, but the SessionListener 
>>> (and
>>> the Session it gives access to) do not give access to an
>>> HttpServletRequest object.  So how can I check for cookies or even the
>>> RemoteUser?  These two required resources ARE available in the
>>> HttpServletRequest object, but there is no means of getting to that
>>> object from an HttpSessionListener, is there?
>>>
>>> Is a servlet Filter my only option?  I'm running Tomcat 4.0.1.
>>>
>>> In case you're wondering, I don't want to *require* users to login to
>>> make these saved settings available, if they choose to use cookies.
>>> They are only required to login to perform tasks that modify certain
>>> data, or read restricted information.
>>>
>>> Many thanks in advance!
>>>
>>> -jeremy-
>>
>> IMO the best option would be to create a filter checking if(
>> session.isNew() ) { doSomething(); }. Of course, that'd make it 
>> 2.3-only.
>>
>> BTW, that's a very good point - when session is created, it's created
>> because of an incoming request, so it would be a nice addition 
>> something
>> like HttpSessionEvent.getRequest() to get the request causing session's
>> creation in HttpSessionListener.sessionCreated()? Anyone working on 
>> Servlets
>> 2.4 specs here, what do you think?
>
> More precisely, a session is created because the application told it 
> to --
> by calling request.getSession() -- not because the request happened to
> come in.  I would put the cookie-reading logic in the same place that 
> the
> session-creation logic lives.

*Any* jsp page or servlet can cause a new session, so you'd have to put 
this logic in *all* of them -- or use a filter (which I have), or 
rewrite your own Catalina classes to pass the HttpServletRequest object 
to the HttpSessionListener.

A session listener is the ideal choice for implementing logic that you 
want to occur regardless of which page/servlet triggered the session's 
creation.

I am currently using a filter to accomplish this, but it requires a more 
code and checking.  Also, once the user *does* authenticate, these 
variables must be reloaded (in case the user logged out and back in as 
somebody else).  An AuthenticationListener would also be very helpful.  
Otherwise, I'm back to using filters, or writing a new Authenticator.  I 
have *NO* problems with the FormAuthenticator that ships w/ Tomcat, but 
it'd be nice if I could have it call some other components to do a few 
things after the session has been authenticated.

-jeremy-

>>
>> Greetings, deacon Marcus
>>
>
> Craig
>
>
> --
> To unsubscribe:   <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

RE: Tomcat to read cookies on session start?

["Craig R. McClanahan" <cr...@apache.org>]

On Thu, 15 Nov 2001, Deacon Marcus wrote:

> Date: Thu, 15 Nov 2001 06:52:57 +0100
> From: Deacon Marcus <de...@wwtech.pl>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: RE: Tomcat to read cookies on session start?
>
> Hi,
>
> > -----Original Message-----
> > From: Jeremy Pierson [mailto:jpierson@isolvetechnologies.com]
> > Sent: Thursday, November 15, 2001 4:52 AM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Tomcat to read cookies on session start?
> >
> >
> > I need to create a new object and load it into the session attributes
> > whenever a new session is created.  To make this more interesting, this
> > object needs to check for information stored in a cookie sent by the
> > browser (stored from a prior visit) and fetch any related information
> > from a database.
> >
> > I can use a HttpSessionListener to create an object and add it to the
> > session whenever a new session is created, but the SessionListener (and
> > the Session it gives access to) do not give access to an
> > HttpServletRequest object.  So how can I check for cookies or even the
> > RemoteUser?  These two required resources ARE available in the
> > HttpServletRequest object, but there is no means of getting to that
> > object from an HttpSessionListener, is there?
> >
> > Is a servlet Filter my only option?  I'm running Tomcat 4.0.1.
> >
> > In case you're wondering, I don't want to *require* users to login to
> > make these saved settings available, if they choose to use cookies.
> > They are only required to login to perform tasks that modify certain
> > data, or read restricted information.
> >
> > Many thanks in advance!
> >
> > -jeremy-
>
> IMO the best option would be to create a filter checking if(
> session.isNew() ) { doSomething(); }. Of course, that'd make it 2.3-only.
>
> BTW, that's a very good point - when session is created, it's created
> because of an incoming request, so it would be a nice addition something
> like HttpSessionEvent.getRequest() to get the request causing session's
> creation in HttpSessionListener.sessionCreated()? Anyone working on Servlets
> 2.4 specs here, what do you think?

More precisely, a session is created because the application told it to --
by calling request.getSession() -- not because the request happened to
come in.  I would put the cookie-reading logic in the same place that the
session-creation logic lives.

>
> Greetings, deacon Marcus
>

Craig


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

RE: Tomcat to read cookies on session start?

[Deacon Marcus <de...@wwtech.pl>]

Hi,

> -----Original Message-----
> From: Jeremy Pierson [mailto:jpierson@isolvetechnologies.com]
> Sent: Thursday, November 15, 2001 4:52 AM
> To: tomcat-user@jakarta.apache.org
> Subject: Tomcat to read cookies on session start?
>
>
> I need to create a new object and load it into the session attributes
> whenever a new session is created.  To make this more interesting, this
> object needs to check for information stored in a cookie sent by the
> browser (stored from a prior visit) and fetch any related information
> from a database.
>
> I can use a HttpSessionListener to create an object and add it to the
> session whenever a new session is created, but the SessionListener (and
> the Session it gives access to) do not give access to an
> HttpServletRequest object.  So how can I check for cookies or even the
> RemoteUser?  These two required resources ARE available in the
> HttpServletRequest object, but there is no means of getting to that
> object from an HttpSessionListener, is there?
>
> Is a servlet Filter my only option?  I'm running Tomcat 4.0.1.
>
> In case you're wondering, I don't want to *require* users to login to
> make these saved settings available, if they choose to use cookies.
> They are only required to login to perform tasks that modify certain
> data, or read restricted information.
>
> Many thanks in advance!
>
> -jeremy-

IMO the best option would be to create a filter checking if(
session.isNew() ) { doSomething(); }. Of course, that'd make it 2.3-only.

BTW, that's a very good point - when session is created, it's created
because of an incoming request, so it would be a nice addition something
like HttpSessionEvent.getRequest() to get the request causing session's
creation in HttpSessionListener.sessionCreated()? Anyone working on Servlets
2.4 specs here, what do you think?

Greetings, deacon Marcus


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>