This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Servlet Sessions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Servlet Sessions" Watch "Servlet Sessions" New topic

Servlet Sessions

Anthony Smith
Ranch Hand

Joined: Sep 10, 2001
Posts: 285
In my app if I add some stuff to a session do I have to add it using the RunData object?
It is being sent a type of Servlet with a doPerform(RunData data) function that that takes ina Rundata object.
I am setting some stuff in a session and I used:
data.getSession().setAttribute(current_username, "username");
and it worked but I send it back to the login page do a new submit and hence I loose the sessions variables I created, how can I keep them.
Basically I am doing something where after 3 bad login attempts for a user they are disabled, and they are returned back to the login page telling them that, but each time I return to the login page after less than 3 login attempts the counter for number of bad login attempts gets lost.
jesse harris
Ranch Hand

Joined: Oct 02, 2000
Posts: 62
sometimes if you hard code a URL from another domain the session gets lost, try using a class with fields that contain most of you url and use them to generate urls for images and other resources
raj sekhar
Ranch Hand

Joined: Oct 16, 2001
Posts: 117
...maybe you can just keep the count in a hidden fld on the url. The initial request will contain 0 or 1 and the subsequent requests to the same page, you may increase the value of this fld. In this way, you may not even need to create a session for an user who's not 'IN' yet.
John Fontana
Ranch Hand

Joined: Feb 28, 2002
Posts: 235
I would suggest using a database table. Have a hidden field increment a value in a row, for instance, upon each form submission. This also helps keep things scalable if you need to run the app on multiple vm's.
"If you do what you've always done, you'll get what you've always gotten."
Rishi Singh
Ranch Hand

Joined: Dec 09, 2000
Posts: 321
Hi Anthony,
You can send a formnumber parameter in the queryString and keep it incrementing 0,1,2..In your case the first time the user logs in and enters the wrong password, his username and password is maintained in session.If his passwd is wrong you can allow him three attempts i,e titll the time the formnumber is 2, then you can display a message and show him the login page again.
Anthony Smith
Ranch Hand

Joined: Sep 10, 2001
Posts: 285
My only thing is for multiple users. If I try to login twice and then another person tries and is unsuccessful and I try again in the same sessions I should still be deined.
John Fontana
Ranch Hand

Joined: Feb 28, 2002
Posts: 235
Since you want it to work even if they close their browser and open it again, it would not make sense to use session. You could set a long session timeout, but then they could also disable cookies.
You could also use database to record IP number, and increment a value in another column. This way it does not matter if it is the same userID or not, and also is not affected by closing the browser.
It is sorta covered in the JavaRanch Style Guide.
subject: Servlet Sessions
Similar Threads
Petstore SignOn -- Why No WAF?
Session and RequestDispatcher question
Maintaining sessions
pressing back button after logout shows loggedin contents
session timeout in login page