aspose file tools*
The moose likes Servlets and the fly likes Steal a session Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Steal a session" Watch "Steal a session" New topic
Author

Steal a session

Bruce Jin
Ranch Hand

Joined: Sep 20, 2001
Posts: 666
I use class URL in my servlet A to retrieve the content of another servlet B.
A and B are in the same application context.
Can I pass the session info of A to B so that B will have A�s session?

Thanks.


BJ - SCJP and SCWCD
We love Java programming. It is contagious, very cool, and lot of fun. - Peter Coad, Java Design

Crazy Bikes created by m-Power
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42264
    
  64
There's no need to pass the session from one servlet to the next - sessions are application-wide. So if a session has been created for a user in servlet A, then it will be available in servlet B as well.


Ping & DNS - my free Android networking tools app
Bruce Jin
Ranch Hand

Joined: Sep 20, 2001
Posts: 666
Thank Ulf.
Note I am using class URL (insider servlet A) to grab the contents of servlet B. B will treat this request (evoked from URL object) as a new browser session.

Maybe I should use RequestDispatcher to include contents of another servlet.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42264
    
  64
While it's possible to make URL (or rather, HttpURLConnection) work in this case, RequestDispatcher is the much more straightforward and performant way to go.
Bruce Jin
Ranch Hand

Joined: Sep 20, 2001
Posts: 666
Thank Ulf:

Could you give a hint as how to make URL (or rather, HttpURLConnection) work in this case?

I tried URL class and could not make it work.

Thanks.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42264
    
  64
It depends a bit on how sessions are handled in your web app. If you have enabled cookies, then the session ID would be transported in a cookie. In that case you'd grab the cookie from the incoming request, and set its value as the value of a header named "Cookie" in the HttpURLConnection.
Bruce Jin
Ranch Hand

Joined: Sep 20, 2001
Posts: 666
Thanks Ulf I will try it.

What is the difference between using URL class and using HttpURLConnection class?

Thanks.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42264
    
  64
What is the difference between using URL class and using HttpURLConnection class?

Looking at their respective javadocs, they don't look remotely related

URL does use HttpURLConnection under the hood, but it doesn't expose any of its more advanced features, e.g. the ability to set and read headers, or to get at the underlying streams.
amarnath nalumachu
Greenhorn

Joined: Feb 10, 2005
Posts: 10
Try Apache HttpClient, it has clean API to read cookies from the request and set it again for a new request...
Bruce Jin
Ranch Hand

Joined: Sep 20, 2001
Posts: 666
It seems to me that the very first time when the servlet is run there is no cookie in the Request. So either HttpURLConnection or Apache HttpClient will not be able to call another servlet and pass the session info to it. So the first time A and B will have different sessions. In subsequent access however A and B will share the same session (B steals a session from A).

It looks like RequestDispatcher is the way to go.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42264
    
  64
Well, the first time a servlet is accessed there can't be cookie, because there is no session. Upon seeing that there is no cookie, a session should be created, which can then be passed on.
Bruce Jin
Ranch Hand

Joined: Sep 20, 2001
Posts: 666
Thanks Ulf.

You have a point. I will try that. Maybe Apache HttpClient already have that logic.
RequestDispather is working very well.
Narendra shah
Ranch Hand

Joined: Feb 28, 2007
Posts: 51
Hi !



Narendra Shah -- SCJP 5
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Steal a session