aspose file tools*
The moose likes EJB and other Java EE Technologies and the fly likes JSESSION and taking User Info Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of JavaScript Promises Essentials this week in the JavaScript forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "JSESSION and taking User Info" Watch "JSESSION and taking User Info" New topic
Author

JSESSION and taking User Info

Andres Gorostidi
Greenhorn

Joined: Aug 05, 2003
Posts: 3
Please, let me known if I am wrong of not:
With form based authentication, I only have to protect a resourse, and then specify form based authentication. A web container must implement a form with a POST action with the distniguised pseudo URL j_security_check, wich takes username and password parameters with the defined names j_username and j_password.
The container will force the user to authenticate by submitting the login form.
Then, a HTTPSESSION will be created, and mantained with the JSESSION cookie. Is true that, afterthat, the form is no longer submitted since I already have the data onf the authenticated user on the JSESSION ? Could I access to the data (getUserName) of the user only trough that session ?
If so, since the data of the session is stored on the JSESSION cookie.. What happens If I get redirected to another WebLogic Server ? What happens if a open antoher applicatoon on that server (or a different one) that has his own session ?


-----------------<br />Andres Gorostidi<br />andres_gorostidi@hotmail.com
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
    5
Then, a HTTPSESSION will be created, and mantained with the JSESSION cookie. Is true that, afterthat, the form is no longer submitted since I already have the data onf the authenticated user on the JSESSION ? Could I access to the data (getUserName) of the user only trough that session ?
If so, since the data of the session is stored on the JSESSION cookie.. What happens If I get redirected to another WebLogic Server ? What happens if a open antoher applicatoon on that server (or a different one) that has his own session ?

The data is not stored on the cookie. The data is stored using the session ID, a piece of string, as a key for later access. Once you've created a session ID, you don't need to submit any login forms unless you want to perform another authentication.
Yes, the user's data can be accessed only through that session. Note that you can only access such user data that you have explicitly stored into the javax.servlet.http.HttpSession.
Regarding the redirection, clustered application servers either don't redirect a request of an existing session to another server instance or replicates the session data so that it doesn't matter which server gets the request.
I'm afraid I didn't quite understand what you're after with "What happens if a open antoher applicatoon on that server (or a different one) that has his own session?"... Would you like to elaborate on it?


Author of Test Driven (2007) and Effective Unit Testing (2013) [Blog] [HowToAskQuestionsOnJavaRanch]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JSESSION and taking User Info