Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Questions about session tracking

 
Mark Lau
Ranch Hand
Posts: 120
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a web application which requires user registration and login.
I am kinda new to session tracking.
My questions follow:
1. When do I need to create a session object by
HttpSession session=request.getSession(true);
? (The question mark should be here, right? )
Should I do this right after the user's password is verified and logged in?
2. Suppose that a user is successfully logged in, and the session object has been created, and then he clicks "Change My Profile" on the webpage, what should I do? Should I check something with the session object before I connect to the database to get the user's personal information for him to make changes to it?
 
Barron Greig
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1. The session object is created behind the scenes when that client makes its first request. getSession() is just getting a handle onto the already existing session object.
2. If you are authenticating the user via one of the techniques in the Java Servlet spec (e.g. HTTP basic, digest, form) then you can use the method HttpRequest.getRemoteUser() to get the name of the user that was logged in and use that to look up your database of profile information.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic