*
The moose likes Servlets and the fly likes How to achieve session managemetn in servlet for ended session scenario Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to achieve session managemetn in servlet for ended session scenario" Watch "How to achieve session managemetn in servlet for ended session scenario" New topic
Author

How to achieve session managemetn in servlet for ended session scenario

Harshal Gurav
Ranch Hand

Joined: May 29, 2008
Posts: 151
Hi Everyone,
I am currently working on one erp development which include development of many form using jsp and servlet.
I have set the session time is 10 min.
Suppose user doing work on one form and for any reason his session is ended,he will automatically looged off.
Now my need is-
when user login again,he should show the previous page where he had working and the same incomplete data that he had been entered in previous page.
I have know the basic concept of session in servlet.
Is anyone can give me specific url where i can get all this information or any help?
Any valuable suggestion is highly apprteciated.

Thanks and Regards
Harshal
Satish Kandagadla
Greenhorn

Joined: Jul 03, 2006
Posts: 27
I think you may need to write a cookie and send it back to the client. When the client is logged in again the cookie should be sent back which should keep the data that was entered previously.

You should find lot of information on how to write a cookie if you google it. Hope this helps.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60774
    
  65

Cookies are a pain to deal with. I'd just carry the values in hidden form parameters.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Harshal Gurav
Ranch Hand

Joined: May 29, 2008
Posts: 151
Hi Satish and Bear Bibeault,
Thank you very much for your reply.
Can you give me more specific information or url so that i can easily get information
Or can you give me more specific word for google Searching.

Thanks and regards
Harshal
Vinod K Singh
Ranch Hand

Joined: Sep 30, 2008
Posts: 198
To show the un-submitted data to user you have to make some mechanism to store the data on client side. Google Gears might be useful in such scenarios.


My Blog
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60774
    
  65

Why use an atomic bomb when a hammer will do?
Vinod K Singh
Ranch Hand

Joined: Sep 30, 2008
Posts: 198
Originally posted by Bear Bibeault:
Why use an atomic bomb when a hammer will do?


To me this requirement looks quite complex. May be I am not able to see the right hammer here

when user login again,he should show the previous page where he had working and the same incomplete data that he had been entered in previous page.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4646
    
    5

Originally posted by Bear Bibeault:
Cookies are a pain to deal with. I'd just carry the values in hidden form parameters.


I'll agree that cookies are a pain, but hidden form parameters that contain data are a huge security hole. Never trust the client.

A better way is to generate a nonce, and store it on the form as a hidden parameter. Use the nonce as a key to a HashMap that contains the rest of the parameters you want to remember.

No nonce, no remembered values. Got a nonce, retrieve values.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60774
    
  65

Originally posted by Pat Farrell:
I'll agree that cookies are a pain, but hidden form parameters that contain data are a huge security hole. Never trust the client.
I absolutely agree with you with regards to sensitive data, but in this case it merely needs to record the original URL and any params which originated on the client and were already exposed and don't really need any protection.
Harshal Gurav
Ranch Hand

Joined: May 29, 2008
Posts: 151
Hi Pat Farrell ,
I serched on google for how to generate a nonce in java but unable to find required document.
Can you give me more specific regarding to above issue i.e how to shows the incomplete form data.
Thanks for your co-operation.
regards
Harshal
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15952
    
  19

Any data that was entered on the web page, but not submitted to the server is lost. JEE isn't client/server, so the server only knows what the client tells it.

If you (re-)submit a form that's bound to a timed-out session, that's different, since the client still has the data, but if you've closed the form, it's Game Over.

Normally, what I do is bind the work in progress to the user ID and store it in a workspace on persistent store. If you prefer, you can reduce the overhead by using an ORM and/or a session timeout listener to flush the session data to backing store only when necessary. Then, when the user logs back in, reload the session from backing store.

Depending on the security framework used, attempting to submit a form for a timed-out session might require some additional cleverness, since some systems will discard the form when they navigate to the login page and some will just temporarily side-track it.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to achieve session managemetn in servlet for ended session scenario
 
Similar Threads
Need Help and Suggestion
Data of previous form gets submitted on refersh
html:checkbox
Help Regarding Cookies and session
Printing a set of JSPs