I have a problem area similar to a shopping cart premise on an eCommerce site.
I have a 3rd party site who will post an XML document as part of an HTTP request to my server. I am using Struts so I will have the request captured by one of my Action classes. This action class will redirect the user to a login page before they can continue through the site. The XML, as part of the initial request, has to survive past the login page. My initial thought for this was to create a session first, before the login, and store the XML as part of the session. The only downside to this is that if the user decides not to login and closes the browser I will have a session sitting around with data in it until it expires, which may be 30-60 mins.
It is equivalent to a user using Amazon and adding books to their shopping cart. They then proceed to the checkout via a login screen. All the information in the shopping cart is retained in this process post-login. I presume that a session has already been created by the Amazon server during this process so that the book information can be persisted?
Does anyone have any thoughts on best practice for this at all?? The creating of the session would be the most obvious solution to this, but I am not sure it is the most elegant or efficient.
My guess would be to use sessions, similar to the way you described. If you are worried about the session sitting around and wasting resources for too long, set the session time out to a smaller value than 30-60 minutes. You can give them 5 minutes to log in, and then programmatically increase it to something more reasonable once they log in. Assuming the XML file that is being posted isn't extraordinarily huge, it shouldn't be too big of a strain on your server to maintain the session for a little while in the event that the client leaves.
“Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.” - Rich Cook
Alternatively: 1. If the XML is known to be small enough, you could set a cookie on the client browser. That way a session is only created post-login. 2. Make a hidden field on the login form and populate it with the XML. That way, the XML will be re-posted at login.
There are pros and cons to all three solutions (including the session timeout one). Your situation should dictate the best one.