java session management

-上瘾入骨i 2020-12-18 11:39

I am working on a small webapp for fun, using just Java Servlets at the moment. I have two pages, test1 and test2. At the moment I am creating a new session in test1 like th

3 answers
  • 2020-12-18 12:01

    This makes no sense. Forget the request.getSession(boolean). Just get the session by request.getSession() and never worry about the nullness/validness.

    If you want to pass data through session attributes, then just do in test1:

    request.getSession().setAttribute("test", "foo");
    

    and in test2 (which is of course requested in the same session after test1):

    String test = (String) request.getSession().getAttribute("test"); // Returns "foo".
    

    Edit: As to using the session to check the logged-in User, just do something like in the login code:

    User user = userDAO.find(username, password);
    if (user != null) {
        request.getSession().setAttribute("user", user);
    } else {
        // Show error?
    }
    

    and then in a Filter which is mapped on a url-pattern which represents the restricted area, just check if the User is present or not:

    if (((HttpServletRequest) request).getSession().getAttribute("user") != null) {
        chain.doFilter(request, response); // Just continue.
    } else {
        ((HttpServletResponse) response).sendRedirect("login"); // Not logged-in, redirect to login page.
    }
    

    and when you log out, you just remove the User from the session:

    request.getSession().removeAttribute("user");
    
    // Or, more drastically:
    request.getSession().invalidate();
    

    Alternatively, you can also take a look at declarative Container Managed Security with the help of some simple entries in web.xml and the server.xml. This way you don't need to hassle with login/filter logic yourself.

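Added example, not part of the answer above or of the original post: the login, filter and logout steps from that answer, with the session replaced at login so that a session ID known before authentication (session fixation) never becomes the authenticated one, and with a filter that does not allocate sessions for anonymous requests. `SessionAuth`, `AuthFilter`, the `/login` path and the `javax.servlet` namespace are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. SessionAuth, AuthFilter and the "/login" path are assumed names.
public final class SessionAuth {
    static final String USER_ATTR = "user"; // attribute name used in the answer

    // Call only after the credentials have been verified.
    static void login(HttpServletRequest req, Object user) {
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate(); // drop the pre-login session and its ID
        }
        // A new session gets a new ID, so an ID known before login
        // never becomes an authenticated one.
        // Servlet 3.1+ alternative that keeps attributes: req.changeSessionId()
        req.getSession(true).setAttribute(USER_ATTR, user);
    }

    static void logout(HttpServletRequest req) {
        HttpSession s = req.getSession(false); // nothing to do if none exists
        if (s != null) {
            s.invalidate();
        }
    }

    // Map this filter on the url-pattern of the restricted area.
    public static class AuthFilter implements Filter {
        @Override public void init(FilterConfig cfg) { }
        @Override public void destroy() { }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response,
                             FilterChain chain) throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;
            // getSession(false): an anonymous request does not allocate a session.
            HttpSession session = req.getSession(false);
            if (session != null && session.getAttribute(USER_ATTR) != null) {
                res.setHeader("Cache-Control", "no-store"); // keep pages out of caches
                chain.doFilter(request, response);
            } else {
                res.sendRedirect(req.getContextPath() + "/login");
            }
        }
    }
}
```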
  • 2020-12-18 12:16

    If you want to restrict the flow to ensure that test1 comes before test2, have test1 put an attribute value in the session that says it's been visited, and test for that attribute value in test2. If the value is not there, have test2 redirect to test1.

    In test1, do this:

    HttpSession session = request.getSession();
    session.setAttribute("test1",true);
    

    Then, in test2, you can do this:

    HttpSession session = request.getSession();
    if (session.getAttribute("test1") == null){
        response.sendRedirect("test1");
        return;
    }
    
  • 2020-12-18 12:20

    A session is just a basket that starts out empty. The concept of whether a user is authenticated or not is separate from whether or not the user has a session.

    Java EE and the servlet specifications handle all the login stuff for you, redirecting to login pages and so on. Read up on the built-in capabilities of Java EE. Maybe start here.
