need to set a param that persists across all pages

The use case for the site im working on allows a user to browse pages without first logging in. The user may logon at anytime, and if authenticated, the user gets an extra menu of functionality.

However, the site requires knowledge of the users location for every page (as the location is used on 99% of the pages in some way), so right up front, if the user accesses the site and the locationId is not set, the user is forwarded to a page that asks for the locationId.

At first, I wanted to try and persist the locationId via rewriting the URL but that got to be too cumbersome, so I decided to just put it on the session.

Problem is, if the user enters his locationId which gets stored on the session, when he logs on, the session id changes, so the user is asked once again to enter the info.

Is there a way to detect a sessionid change so I can move the contents of one session to another? im looking at the listeners, but not sure if any of these will do the trick.

thanks... bi||y

Hey,

Whilst this isn't a direct answer I know that Spring uses cookies to save this kind of information and can use it to store information about the Locale and Theme settings which (I think) can be used between session. So maybe using cookies is an option? Here is a link with some basic info on cookies

Sean

Sean Clark wrote:Hey,

Whilst this isn't a direct answer I know that Spring uses cookies to save this kind of information and can use it to store information about the Locale and Theme settings which (I think) can be used between session. So maybe using cookies is an option? Here is a link with some basic info on cookies

Sean

Hey Sean, thanks for the link. I guess I should have mentioned that this is for users that have cookies disabled. The site needs to operate with and without cookies the same way. When cookies are enabled, everything is cool.

The session shouldn't be changed after they've logged in--are you using a server that doesn't share sessions between HTTP and HTTPS by default?

Hey,

I've worked on projects where when a user logs in the session is changed, I think it is to prevent session hijacking of an authenticated users' session. I don't know what security you use, but in Spring Security there is an option to copy all session attributes into the new session? Perhaps you can do something like that to keep your location attributes?

Sean