Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

need to set a param that persists across all pages

 
Billy Vandory
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The use case for the site im working on allows a user to browse pages without first logging in. The user may logon at anytime, and if authenticated, the user gets an extra menu of functionality.

However, the site requires knowledge of the users location for every page (as the location is used on 99% of the pages in some way), so right up front, if the user accesses the site and the locationId is not set, the user is forwarded to a page that asks for the locationId.

At first, I wanted to try and persist the locationId via rewriting the URL but that got to be too cumbersome, so I decided to just put it on the session.

Problem is, if the user enters his locationId which gets stored on the session, when he logs on, the session id changes, so the user is asked once again to enter the info.

Is there a way to detect a sessionid change so I can move the contents of one session to another? im looking at the listeners, but not sure if any of these will do the trick.

thanks... bi||y

 
Sean Clark
Rancher
Posts: 377
Android Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey,

Whilst this isn't a direct answer I know that Spring uses cookies to save this kind of information and can use it to store information about the Locale and Theme settings which (I think) can be used between session. So maybe using cookies is an option? Here is a link with some basic info on cookies

Sean
 
Billy Vandory
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sean Clark wrote:Hey,

Whilst this isn't a direct answer I know that Spring uses cookies to save this kind of information and can use it to store information about the Locale and Theme settings which (I think) can be used between session. So maybe using cookies is an option? Here is a link with some basic info on cookies

Sean


Hey Sean, thanks for the link. I guess I should have mentioned that this is for users that have cookies disabled. The site needs to operate with and without cookies the same way. When cookies are enabled, everything is cool.

 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The session shouldn't be changed after they've logged in--are you using a server that doesn't share sessions between HTTP and HTTPS by default?
 
Sean Clark
Rancher
Posts: 377
Android Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey,

I've worked on projects where when a user logs in the session is changed, I think it is to prevent session hijacking of an authenticated users' session. I don't know what security you use, but in Spring Security there is an option to copy all session attributes into the new session? Perhaps you can do something like that to keep your location attributes?

Sean
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic