Hi Everyone, I am currently working on an ERP development project which includes development of many forms using JSP and servlets. I have set the session timeout to 10 min. Suppose a user is working on one form and for any reason his session ends; he will automatically be logged off. Now my need is: when the user logs in again, he should be shown the previous page where he was working, with the same incomplete data that he had entered on that page. I know the basic concepts of sessions in servlets. Can anyone give me a specific URL where I can get all this information, or any help? Any valuable suggestion is highly appreciated.
Hi Satish and Bear Bibeault, Thank you very much for your reply. Can you give me more specific information or a URL so that I can easily get the information, or can you give me more specific words for Google searching?
Originally posted by Pat Farrell: I'll agree that cookies are a pain, but hidden form parameters that contain data are a huge security hole. Never trust the client.
I absolutely agree with you with regards to sensitive data, but in this case it merely needs to record the original URL and any params which originated on the client and were already exposed and don't really need any protection.
Hi Pat Farrell, I searched on Google for how to generate a nonce in Java but was unable to find the required document. Can you give me more specifics regarding the above issue, i.e. how to show the incomplete form data? Thanks for your co-operation. Regards, Harshal
Any data that was entered on the web page, but not submitted to the server is lost. JEE isn't client/server, so the server only knows what the client tells it.
If you (re-)submit a form that's bound to a timed-out session, that's different, since the client still has the data, but if you've closed the form, it's Game Over.
Normally, what I do is bind the work in progress to the user ID and store it in a workspace on persistent store. If you prefer, you can reduce the overhead by using an ORM and/or a session timeout listener to flush the session data to backing store only when necessary. Then, when the user logs back in, reload the session from backing store.
Depending on the security framework used, attempting to submit a form for a timed-out session might require some additional cleverness, since some systems will discard the form when they navigate to the login page and some will just temporarily side-track it.
An IDE is no substitute for an Intelligent Developer.
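The approach described in the last answer (bind work in progress to the user ID, flush it from a session timeout listener, reload it after login), as an added example that is not code from any poster in this thread. The attribute names, the `restore` helper and the in-memory `STORE` standing in for the persistent store are assumptions; only fields the server has already received and placed in the session can be saved this way.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/** Flushes unfinished form data to a store keyed by user ID when a session ends. */
public class DraftFlushListener implements HttpSessionListener {

    // Hypothetical session attribute names, set by the application's own servlets.
    static final String USER_ID = "userId";        // set server-side, only after a successful login
    static final String DRAFT = "draftFields";     // Map of field name -> value received so far
    static final String DRAFT_PAGE = "draftPage";  // form path chosen by the server, never by the client

    // Stand-in for the persistent store (database table, ORM entity); in-memory for this sketch.
    static final Map<String, Map<String, String>> STORE = new ConcurrentHashMap<>();

    @Override
    public void sessionCreated(HttpSessionEvent se) { /* nothing to save yet */ }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        HttpSession s = se.getSession();   // attributes are still readable at this point
        Object user = s.getAttribute(USER_ID);
        Object draft = s.getAttribute(DRAFT);
        if (!(user instanceof String) || !(draft instanceof Map)) return; // anonymous, or no draft
        Map<String, String> saved = new HashMap<>();
        for (Map.Entry<?, ?> e : ((Map<?, ?>) draft).entrySet()) {
            saved.put(String.valueOf(e.getKey()), String.valueOf(e.getValue()));
        }
        Object page = s.getAttribute(DRAFT_PAGE);
        if (page instanceof String) saved.put("__page", (String) page);
        STORE.put((String) user, saved);   // keyed by the authenticated ID, so drafts cannot cross users
    }

    /** Call from the login servlet after authentication succeeds; returns the page to forward to, or null. */
    public static String restore(HttpSession fresh, String authenticatedUserId) {
        Map<String, String> saved = STORE.remove(authenticatedUserId);
        if (saved == null) return null;    // no work in progress for this user
        String page = saved.remove("__page");
        fresh.setAttribute(USER_ID, authenticatedUserId);
        fresh.setAttribute(DRAFT, saved);  // the JSP re-populates its fields from this map
        return page;
    }
}
```

The listener is registered with a `<listener>` element in `web.xml`. Because the draft and the return page live server-side under the authenticated user ID, nothing has to travel through hidden form parameters.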