I am unable to pass a "session" from one page to the next page. For example, I am working on a "personal" project. A customer enters his/her ID number and password, and my
SERVLET program "ServletProgramFileName.java" manages to find the customer from the database, create a session for the customer, and register the customer with the session generated:
BookCustomer customer = BookCustomer.findCustomer
(customerID, dataBase);
(This step is successfully done, and I create a session: )
HttpSession session = request.getSession(true);
session.putValue("Customer", customer);
(The customer object has a key name which is Customer.)
Then, in accordance with the customer's request for viewing IT books, the request is forwarded to a JavaServer Page "ITBooksPage.jsp" by the following statement:
if (request.getParameter("itbooks") != null) {
gotoPage("/books/ITBooksPage.jsp", request, response); }
private void gotoPage(
String address,
HttpServletRequest request, HttpServletResponse response) {
throws ServletException, IOException {
RequestDispatcher dispatcher =
getServletContext().getRequestDispatcher(address);
dispatcher.forward(request, response);
}
This step is also successfully completed.
However, when I tried to
test if the customer came to ITBooksPage.jsp by first entered ID number and obtained a session, my program tells me that this customer came to the website by the correct route (entered correct ID number and password, and requested to view the ITBooksPage) violates the security check.
I use the following statement to perform the security check:
if (Customer == null) { ...... ; }
I wonder the problem is caused by
A. It is not the correct way to check security; or
B. the session is not passed from the
ServletProgramFileName.java to ITBooksPage.jsp
I believe that all the experts at the JavaRanch with e-commerce experience can easily point out my mistakes. Please.