This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I'm using HttpSession objects for an on-line form HttpSession session = request.getSession(true); session.setAttribute("test", test); Where the attribute "test" is a javabean that stores all of the data associated with the session. During each subsequent request(or step), I do the getSession method-if its new-I invalidate the session. And I also use the following method to get the bean: TestSql test = (TestSql)session.getAttribute("test"); I use a request dispatcher to forward to a jsp page. The jsp page uses <jsp:useBean id="test" class="TestSql" scope="session"/> and uses data from the bean. My question is ---- am I tracking sessions properly- I mean- should I use URL-rewriting or hidden fields to generate and store session id's to identify them to the server. I've had no problems so far(all of the data has been correct), but I'm wondering if I still need to implement a session tracking mechanism in addition to the java bean attributes.Thanks in advance.