aspose file tools*
The moose likes Servlets and the fly likes Session management  in Servlets Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session management  in Servlets" Watch "Session management  in Servlets" New topic
Author

Session management in Servlets

Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
basically I have a static Html page which consisits of textbox and continue button. When I press continue
a servlet gets executed which dynamically opens a new (Second) page which in turn has one more textbox and Submit button.
Now I open another separeta instance of my browser and copy and paste the url I got by pressing my first static Html page. I directly get my second Html page. I don't want to allow the user to do this. How should I go about in my code to avoid user copying and pasting the Url where in they can directly goto the second page skipping my first page.
It is like storing the Url of login page and directly going to the main web page without entering userid and password.
Hope u all understood my prob.
Please help me....
Frank Carver
Sheriff

Joined: Jan 07, 1999
Posts: 6920
The problem is that the behaviour of browsers is not fully specified. Your browser obviously shares all its cookies between all open windows; some browsers have separate cookie sets for each window.
There are some situations where you want shared cookies (an application which uses several windows for different purposes, for example), and some where you want separate cookies (an application where you need several concurrent "sessions", for example).
Unfortunately, I know of no way of configuring a browser to specify one or the other behaviour.


Read about me at frankcarver.me ~ Raspberry Alpha Omega ~ Frank's Punchbarrel Blog
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Sounds like you need to use the Session Tracking API. I'm just beginning to learn this so bear with me.
Basically, every user of a site is associated with a javax.servlet.http.HttpSession object that servlets can use to store and retrieve information about that user in a persistent cookie. Using this you can check to see if the user has previously logon or entered your first page by creating an unique session id when the user first opens your first page. If they skip to your second page then the unique session id won't be their and you can send them back to your first page.
You can find an excellent explanation of all this in Java Servlet Programming by Jason Hunter and/or look at the examples at: http://www.oreilly.com/catalog/jservlet/examples/index.html
Specifically you want the code from Chapters 7 and 8.
You can also look at Java's tutorial on session tracking:
http://web2.java.sun.com/docs/books/tutorial/servlets/client-state/index.html
Hope that helps.
Yoo-Jin.
[This message has been edited by Yoo-Jin, Lee (edited July 21, 2000).]
Tony Alicea
Desperado
Sheriff

Joined: Jan 30, 2000
Posts: 3222
    
    5
Just a note that if the user has cookies disabled, the session tracking switches to using URL re-writing. This last one works always although it's more inefficient.


Tony Alicea
Senior Java Web Application Developer, SCPJ2, SCWCD
Frank Carver
Sheriff

Joined: Jan 07, 1999
Posts: 6920
Even URL rewriting still allows a user to copy/paste the URL into another window and then have two windows on the same "session".
This is one of the biggest problems with using a Web browser as a generic User Interface. There is nothing analogous to the "window handle" which is found in all other window-based User Interface systems.
Tony Alicea
Desperado
Sheriff

Joined: Jan 30, 2000
Posts: 3222
    
    5
Interesting point, Frank; Thanks!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session management in Servlets