Hi, I was wondering what would be a good design for authentication and then retrieve or create a proper HttpSession for the correct user. Do I use session.putValue("userID", thisID)?
posted 15 years ago
I've seen that approach used by lots of people . In the servlet 2.2 spec, authentication should/is provided by the container (server) so the ServletRequest.getUserPrincipal would return the user object.