aspose file tools*
The moose likes Servlets and the fly likes Passing a session from a servlet to a JSP Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Passing a session from a servlet to a JSP" Watch "Passing a session from a servlet to a JSP" New topic
Author

Passing a session from a servlet to a JSP

Stuart Rogers
Ranch Hand

Joined: Oct 02, 2008
Posts: 140
Greetings all,

I'm building a webapp using JSP/sessions/servlets. The webapp will have dozens of concurrent users logged in.

login.jsp gets called from a link on the webapp's home page and contains a form that calls servlet process_login.java .
process_login.java uses the username/passwd info from the form to validate against a database and if valid creates a session and stores some values in it:



Questions: What should I put in myapp_mail.jsp and/or process_login.java so that myapp_main.jsp finds the session corresponding to the person who just logged in? Does this question make sense? If a new session is created for each valid user there could be dozens of sessions floating around - how would myapp_main.jsp know which one to find and then how would it grab that session?

Comments/hints/suggestions/constructive critisism/links/examples are all welcome.

TIA,

Still-learning Steve


Steve Luke
Bartender

Joined: Jan 28, 2003
Posts: 4181
    
  21

You should google for JSP Session Management to learn a lot of details but basically:

1) When a session is created, the next response to the client sends a Cookie with a unique ID for the session for that client
2) When the client sends each new request from then on, it includes the same Cookie with the session ID for its intended Session
3) Part of the pre-processing of the request done by the server is to find that Cookie with ID and associate the proper Session with the request.

So what do you have to do? Really nothing except call request.getSession() or use the scope=session attribute in tags as appropriate.

But like I said, google for session management to learn more - and what to do to prevent clients that have Cookies turned off from breaking.


Steve
Stuart Rogers
Ranch Hand

Joined: Oct 02, 2008
Posts: 140
OK, I can google for that. I'm striving hard to not make use of cookies. Another way might be for process_login.java to create a Bean, but again how would myapp_main.jsp know which Bean (well, instance of Bean to use?

I'll check on this in a few hrs time, gotta run. Thanks for your input.


Still-learning Steve
Steve Luke
Bartender

Joined: Jan 28, 2003
Posts: 4181
    
  21

Stuart Rogers wrote:OK, I can google for that. I'm striving hard to not make use of cookies. Another way might be for process_login.java to create a Bean, but again how would myapp_main.jsp know which Bean (well, instance of Bean to use?

I'll check on this in a few hrs time, gotta run. Thanks for your input.


Still-learning Steve


Do the google for Session Management. You should find links for 'URL Re-writing', which appends the session id to the end of the URLs as special information. If you plan on not using cookies then this is your only choice.
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
Stuart Rogers wrote:OK, I can google for that. I'm striving hard to not make use of cookies.
I smell a misunderstanding.

The application server actually makes use of a cookie to make session tracking possible without URL rewriting. Only and only if the client doesn't support cookies, the application server will switch to URL rewriting (jsessionid will be added to the request URL). This way the server will still be able to track the client session.

At any way, to get straight on your question "Passing a session from a servlet to a JSP": the HttpSession is implicitly already available in JSP EL in the form of ${pageContext.session} and its attributes by ${sessionScope.attributeName} or just ${attributeName}.

I would also rather collect all User specific properties together in one User class which you can store as one session attribute, instead of spreading them all out as loose session attributes.
Steve Luke
Bartender

Joined: Jan 28, 2003
Posts: 4181
    
  21

Bauke Scholtz wrote:
The application server actually makes use of a cookie to make session tracking possible without URL rewriting. Only and only if the client doesn't support cookies, the application server will switch to URL rewriting (jsessionid will be added to the request URL). This way the server will still be able to track the client session.


You can usually turn cookies off on the server side as well. For example on Tomcat you can set the Context's cookies attribute to false to force URL rewriting even if the client supports cookies.
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
Sure. But based on the the knowledge level of the topicstarter I donĀ“t think that he actually turned off cookies on the server.
Stuart Rogers
Ranch Hand

Joined: Oct 02, 2008
Posts: 140
I was able to get it all working, with a little help from google and my collegues here at JavaRanch.

Thanks to all that replied!

CASE CLOSED

Still-learning Stuart
 
 
subject: Passing a session from a servlet to a JSP