In my application, I have made changes to context.xml of my Tomcat server to disable cookies, as I was having wrong session data comming up in my popup window. But after making the changes , I am assuming my user session gets destroyed. I understand I should use URL encoding or some technique to retain user logged in across the pages. But I dont know the right way of doing it. I am new to jspservlet applications and I am using Spring MVC framework to develop my application. I am learning everything and building my application. Please give your inputs on what is the best way of mainting user session across the pages and also have it secured.
yes I did, basically, I was maintaining user logged on status in the session attribute. when I make cookies false, session.getAttribute is returning null and I get an exception. if i enable it. it works fine. I need to have user name atleast to be shown on each page and also, a variable to say user is logged on on every page and during inactivity time out this is set to not logged on or something. I am quiet not sure how generally user session management is implemented in web applications.
yes, I am passing the user name and a new parameter status which says if the user is still logged in. I pass these two parameters with the URL to every page after user has logged in. Along with that I have kept a session time out, wich wil redirect to login page.
Let me know your suggestions on it.