Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session Creation

 
Phillipe Rodrigues
Ranch Hand
Posts: 165
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hI,
I'm confused with the session creation with JSP.
For example i'm trying to create a login.jsp with sessions.

we should enter the name and password which is checked with the existing details.If they match they get next page with a new unique session.

With the help of session scope how can we achieve this. How can i get the unique id generation.how should i code it and on to which page (details entry page or second page).

Please help.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sessions are created on your behalf by the container.
This happens automatically in JSP.
All you need to do to work with the session is refer to it using the implicit 'session' object.

Using the newer Expresion Language (EL) you can refer to any scoped variable without knowing the scope to which it is bound.

JSP sessions and a login are not necessarily the same.
Are you interested in writing your own authentication or are you planning to use container managed security? If you're writing it yourself, how are you "checking with the existing details"?
 
Yong Lin
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are three ways to trace the session.
1.By put a session id in cookie of the client's browser.(default achievement by web server)
2.url-rewriting(if cookie is forbidden)

3.hidden form


Http protocol is stateless,but the web servler will help to avoid it.

By default,tomcat server adopt the first method to trace the session.

In another word,when you visit a page,a session will be created by set a session id in the cookie automaticlly.

When you invoke session.invalidate() explicitly or you do not visit the

web application anymore the current session will expire.

You can set how long the session will expire in tomcat.The default time is 30 minutes.

In a word,you can verify whether the user is loggin by setting a attribute in current session.


Hope a little help and forgive my poor engilish
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic