It's not a secret anymore!
The moose likes Servlets and the fly likes Questions about session tracking Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Questions about session tracking" Watch "Questions about session tracking" New topic

Questions about session tracking

Mark Lau
Ranch Hand

Joined: Dec 15, 2001
Posts: 120
I have a web application which requires user registration and login.
I am kinda new to session tracking.
My questions follow:
1. When do I need to create a session object by
HttpSession session=request.getSession(true);
? (The question mark should be here, right? )
Should I do this right after the user's password is verified and logged in?
2. Suppose that a user is successfully logged in, and the session object has been created, and then he clicks "Change My Profile" on the webpage, what should I do? Should I check something with the session object before I connect to the database to get the user's personal information for him to make changes to it?
Barron Greig

Joined: Jan 26, 2002
Posts: 8
1. The session object is created behind the scenes when that client makes its first request. getSession() is just getting a handle onto the already existing session object.
2. If you are authenticating the user via one of the techniques in the Java Servlet spec (e.g. HTTP basic, digest, form) then you can use the method HttpRequest.getRemoteUser() to get the name of the user that was logged in and use that to look up your database of profile information.
I agree. Here's the link:
subject: Questions about session tracking
It's not a secret anymore!