File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSP and the fly likes Basic Session Validation Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Basic Session Validation" Watch "Basic Session Validation" New topic

Basic Session Validation

Dave Wingate
Ranch Hand

Joined: Mar 26, 2002
Posts: 262
I'm new to JSP and am trying to get my first project up an running. I thought I'd start with two basic pages: login.jsp and index.jsp. I wanted to write a scriptlet for the head of index.jsp that would redirect to login if the user was not already logged in. I wrote the following code:

This works just fine for the purpose of redirecting the user . After the above scriptlet, I can print the session suerID and password on the index.jsp page without a problem:
Your user name is: <%= session.getAttribute("UID") %> <br>
Your password is: <%= session.getAttribute("password") %>
The problem is that as soon as I leave the index.jsp page, the next page doesn't find session values for UID or password. Is there something I have to do to get these session variables to persist across multiple jsps? I thought that the calls to session.setAttribute() wuld be enough?

Fun programming etcetera!
Amit Delve
Ranch Hand

Joined: Dec 22, 2003
Posts: 33
I think your session.setattribute() method is not getting called. it is in the "else" clause - if the redirection is taken place in the "if" clause, the "else" would never be called and your session variables will never be set.
I hope i have understood what you are trying to do here.
- Amit.
Dave Wingate
Ranch Hand

Joined: Mar 26, 2002
Posts: 262
Thanks for the comments. I think that setAttribute() is getting called. On the same page, but below the scriptlet in question, I have the JSP print out the session attributes and they are populated with the request values.
I don't think that the calls to setAttribute() being inside the else caluse is the problem here. The logic of the scriptlet is basicly:

I'm redirecting because I don't want the user to get to this page unless he is supplying a user id and password (as part of the request from the login page).
Thanks, and please let me know if you see anything else that strikes you as odd.
jhong jaewon

Joined: Jan 19, 2004
Posts: 3
Some Other Tip.

if ( sessionUserName == null || sessionUserName.equals("") ) {
==> I Think. that is not Good.

if ( sessionUserName == null || sessionUserName.length() < 0 ) {
if ( sessionUserName == null || "".equals(sessionUserName) ) {
==> When String compare. if compared String is null is cause NullPointer Exception.
I agree. Here's the link:
subject: Basic Session Validation
It's not a secret anymore!