You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jacob Kjome <ho...@visi.com> on 2003/06/04 00:48:43 UTC
Re: RES: RES: Best Practice: choose between SessionCookie or
just Ses sion
Hmm.... normally the pattern is that someone accesses your controller
servlet which handles the request and then you forward the request to the
.jsp page which provides the view response.
Also, you don't need to use the session for this. Just add the information
to the request using request.setAttribute() and then obtain that data in
your view by request.getAttribute().
I'm really a bit confused by your approach here. It seems backards.
Jake
At 07:03 PM 6/3/2003 -0300, you wrote:
>1 - What is the "correct url"? The right url (example:
>http://userip/tomcatappdirect/first.jsp) which generated a http request to
>my servlet. This way, the user cant directly reach my servlets. So, i guess
>i can create a session in my JSP FORM like this:
>
>HTTPSession se = request.getSession(true);
>se = req.setAttribute ("idsessionconnection", session.getId());
>
>and then, retrieve it in the destination servlet:
>...
>HTTPSession session;
>String sValue = session.getId();
>String id = (String) request.getAttribute("idsessionconnection");
>if (sValue.equals(id)){ ...
>
>So, the question is: since you know my needs, is the above code right?
>If yes, it solve the item 2 too.
>Regards, Euclides.
>
>
>-----Mensagem original-----
>De: Jacob Kjome [mailto:hoju@visi.com]
>Enviada em: terca-feira, 3 de junho de 2003 18:29
>Para: Tomcat Users List
>Assunto: Re: RES: Best Practice: choose between SessionCookie or just
>Session
>
>
>
>At 04:04 PM 6/3/2003 -0300, you wrote:
> >Jacob and James,
> >thanks a lot for your attention!I just need 2 things:
> >1 - find out who generated the http request , so i could compare it against
> >the correct url.
>
>What is the "correct url"? You have some application logic that I am not
>aware of. I can't really help you out until you detail what you mean here.
>
> >2 - to avoid direct http request ( i.e, from browser ), so i would create a
> >session id in the prior JSP and then, search for it into my servlet ( the
> >destination ). Is it clear?
>
>What do you mean "avoid a direct http request"? What is your purpose
>here? I'm afraid it isn't very clear.
>
>Jake
>
> >Regards,
> >Euclides.
> >
> >
> >
> >-----Mensagem original-----
> >De: Jacob Kjome [mailto:hoju@visi.com]
> >Enviada em: terca-feira, 3 de junho de 2003 12:19
> >Para: Tomcat Users List
> >Assunto: Re: Best Practice: choose between SessionCookie or just Session
> >
> >
> >
> >I think you are mixing concepts together. The session cookie simply
> >provides an id that uniquely points to a session. This can also be
> >replaced using URL rewriting of the session id. You don't directly
> >manipulate the session id. This is handled by the container. You just
> >grab a session and start adding stuff to it and reading stuff from it.
> >
> >If you are talking about a "remember me" feature, you could place a cookie
> >on the client which is completely and utterly separate from the session
> >cookie which stores some information about how to automatically re-log in
> >without user intervention.
> >
> >I think the latter is what you are looking for.
> >
> >Jake
> >
> >At 11:48 AM 6/3/2003 -0300, you wrote:
> > >Hi , friends. This is a important best practice question for me. My
>project
> > >has a web form which is showed and filled ( by the user) after an
>external
> > >authentication process. The question is: should i generate a session
>Cookie
> > >that will be recovered by my following servlet or just generate any
>session
> > >parameter ( which will be recovered later too ), since i guess i only
>need
> > >to control the whole internal process.
> > >Thanks in advance,
> > >Euclides.
> > >
> > >---------------------------------------------------------------------
> > >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org