I want to add a new HttpHeader to my web application which contains some user authentication info from the login page . I used the servlet api methods to add headers as key value pair to the response but when I read the headers from the request object I could see only the standard http header informations like session id,cooke ,url things like this.I am not able read the headers which I created I want to add it as a common header which is accessible for every servlets in my project so that the user can be validated on each page.
I don't know what I am doing wrong can anybody tell me how can I create a http header like this.
You have only sent the header to the client. There is nothing saying they must send it back to you - it isn't 'persistent'. If this is what you are looking for, you should either set it as a Cookie (which is a persistent header) or store it server-side on the session.
Be wary of sending user data across the internet which is not encrypted. It opens you to possible information stealing or user-spoofing. eg someone listens for a saves your special cookie value, or a user changes the cookie value and 'becomes' someone else.
I guessed. Use a cookie, subject to the warning given - if you do it poorly you could end up opening your site to anyone who wants to get in, making authentication pointless.
Jayesh Lalwani
Ranch Hand
Joined: Nov 05, 2004
Posts: 502
posted
0
Why can't you just store the user information in the session?
0
