How to validate user's session while accessing other pages?
Viswa Rama
Greenhorn
Joined: Mar 19, 2012
Posts: 4
posted
0
Hi I have 2 servlets, Authentication Servlet and Application Servlet. I am checking user credentials against active directory (LDAP). Upon successful login attempt, user is redirected to the right welcome page. In the welcome page, I have a form with a submit button. When the user submits the form, it will hit the Application Servlet's doPost(). My question is, how will i check if the user's session is active before serving the form request?
I only have the session object available in Authentication Servlet, but my application Servlet does not know about it. Do i need to maintain any persistance in my code apart from the HttpSession's API? Can someone help me?
Thanks
Tim Moores
Rancher
Joined: Sep 21, 2011
Posts: 2407
posted
0
An HttpSession is valid and accessible for all servlets that are part of the same web app, not just the one that started it. Have you tried accessing the session from the other servlet?
Viswa Rama
Greenhorn
Joined: Mar 19, 2012
Posts: 4
posted
0
Tim,
Thanks for your quick reply and it was a good piece of information.
I am able to see the session object in the other servlet. So the httpsession's scope is across webapp, not just servlet cool.
So the httpsession's scope is across webapp, not just servlet cool.
This statement is a bit confusing because yes, the session object is accessible for all the resources that the web-app has. But that does not mean that scope of the session is same as the application scope.
The session object is destroyed with the session. Also there are multiple session objects which are mutually exclusive. That means if I store a certain value in one user's session object, I cannot access it from other user's session object.
Both the above mentioned things can be done by a application context object, which has the widest scope in the web-app.
0
cool.
