permaculture playing cards*
The moose likes Servlets and the fly likes Questions about session tracking Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Questions about session tracking" Watch "Questions about session tracking" New topic
Author

Questions about session tracking

Mark Lau
Ranch Hand

Joined: Dec 15, 2001
Posts: 120
I have a web application which requires user registration and login.
I am kinda new to session tracking.
My questions follow:
1. When do I need to create a session object by
HttpSession session=request.getSession(true);
? (The question mark should be here, right? )
Should I do this right after the user's password is verified and logged in?
2. Suppose that a user is successfully logged in, and the session object has been created, and then he clicks "Change My Profile" on the webpage, what should I do? Should I check something with the session object before I connect to the database to get the user's personal information for him to make changes to it?
Barron Greig
Greenhorn

Joined: Jan 26, 2002
Posts: 8
1. The session object is created behind the scenes when that client makes its first request. getSession() is just getting a handle onto the already existing session object.
2. If you are authenticating the user via one of the techniques in the Java Servlet spec (e.g. HTTP basic, digest, form) then you can use the method HttpRequest.getRemoteUser() to get the name of the user that was logged in and use that to look up your database of profile information.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Questions about session tracking
 
Similar Threads
Session exists even before we have logged in
Query regarding Session Tracking
Viewing a list of all active users
Logout and Tomcat Manager application session tracking
Advice on Certification