How to validate user's session while accessing other pages?

Viswa Rama
Greenhorn

Joined: Mar 19, 2012
Posts: 4
Hi, I have 2 servlets, Authentication Servlet and Application Servlet. I am checking user credentials against Active Directory (LDAP). Upon a successful login attempt, the user is redirected to the right welcome page. In the welcome page, I have a form with a submit button. When the user submits the form, it will hit the Application Servlet's doPost(). My question is, how will I check if the user's session is active before serving the form request?

I only have the session object available in the Authentication Servlet, but my Application Servlet does not know about it. Do I need to maintain any persistence in my code apart from the HttpSession API? Can someone help me?

Thanks
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
An HttpSession is valid and accessible for all servlets that are part of the same web app, not just the one that started it. Have you tried accessing the session from the other servlet?
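Added example, not part of the original thread: one way the Application Servlet can check for an active, authenticated session before handling the form. The `SessionAuth` helper, the `authenticatedUser` attribute name, the 15-minute idle timeout and the `/login` path are assumptions for illustration, and the code uses the `javax.servlet` API.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical helper shared by both servlets (not from the thread).
final class SessionAuth {
    static final String USER_ATTR = "authenticatedUser"; // assumed attribute name

    // Called by the Authentication Servlet only after the LDAP check succeeded.
    static void establish(HttpServletRequest req, String username) {
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();           // drop any pre-login session and its id
        }
        HttpSession session = req.getSession(true);
        session.setAttribute(USER_ATTR, username);
        session.setMaxInactiveInterval(15 * 60); // assumed idle timeout, in seconds
    }

    // Returns the logged-in user, or null if there is no live authenticated session.
    static String currentUser(HttpServletRequest req) {
        HttpSession session = req.getSession(false); // false: never create one here
        if (session == null) {
            return null;                // no session, or it expired / was invalidated
        }
        Object user = session.getAttribute(USER_ATTR);
        return (user instanceof String) ? (String) user : null;
    }
}

public class ApplicationServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String user = SessionAuth.currentUser(req);
        if (user == null) {
            // "/login" is an assumed path for the Authentication Servlet's page.
            resp.sendRedirect(req.getContextPath() + "/login");
            return;
        }
        // Session is active and belongs to an authenticated user: handle the form.
        resp.setContentType("text/plain");
        resp.getWriter().println("Form accepted for " + user);
    }
}
```

Checking the attribute, and not only that a session exists, matters because the container may create a session for a visitor who never logged in.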
Viswa Rama
Greenhorn

Joined: Mar 19, 2012
Posts: 4
Tim,

Thanks for your quick reply and it was a good piece of information.

I am able to see the session object in the other servlet. So the HttpSession's scope is across the webapp, not just the servlet. Cool.

Thank you so much.
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2716
    

Viswanadh Ramadugu wrote: Tim,

So the HttpSession's scope is across the webapp, not just the servlet. Cool.


This statement is a bit confusing because yes, the session object is accessible to all the resources that the web-app has. But that does not mean that the scope of the session is the same as the application scope.
The session object is destroyed with the session. Also, there are multiple session objects which are mutually exclusive. That means if I store a certain value in one user's session object, I cannot access it from another user's session object.
Both the above mentioned things can be done by an application context object, which has the widest scope in the web-app.


SCJP, SCWCD.
|Asking Good Questions|
Viswa Rama
Greenhorn

Joined: Mar 19, 2012
Posts: 4
Amith,

I am on the same page. Maybe my wording is a little amateur. Your explanation gives a lot of clarity though.

Thank You
 