Solved

different path, different sessions!

Posted on 2003-10-24
Last Modified: 2010-04-01
Currently I am faced with a somewhat annoying problem; I have no idea what I did wrong.
The problem has to do with session tracking.
Currently, I am coding a site which includes a login function. It should be a one-time login, meaning that once he logs in, everywhere he goes in my site, the session variables which were set when he logged in should stay with him (and so the session should also stay with him).

Okie. Here's the part which gives the problem. Imagine this: I am using frames, and the top frame has the table that houses the form for the user to type in his username and pass. The frame is stored in the root of the web server.

Here's part of the code:
<form name="form1" method="post" action="<%=response.encodeURL(request.getContextPath()+"/Member/LogInProcess.jsp")%>">
        <table width="100%" border="0" cellspacing="0" cellpadding="0">
          <!--DWLayoutTable-->
          <tr>
            <td height="24" colspan="2" bgcolor="#99CCFF"><font align="left" color="#003399" size="2" face="Arial, Helvetica, sans-serif"><b>Member
              Login</b></font></td>
            <td colspan="3"><font color="#006699" size="2" face="Arial, Helvetica, sans-serif"><a href="Member/classes/SunnyTimes/Member/Register.jsp" target="mainFrame">Register?</a></font></td>
            <td colspan="5"><font color="#006699" size="2" face="Arial, Helvetica, sans-serif"><a href="Member/classes/SunnyTimes/Member/RetrievePass.jsp" target="mainFrame">Forgotten
              your password?</a></font></td>
          </tr>
          <tr>
            <td width="80" height="24" valign="top"><font color="#003399" size="2" face="Arial, Helvetica, sans-serif"><b>Username:</b></font></td>
            <td colspan="2"><input name="Username" type="text" id="Username" size="15"></td>
            <td width="3">&nbsp;</td>
            <td colspan="2" align="center" valign="top"><font color="#003399" size="2" face="Arial, Helvetica, sans-serif"><b>Password:</b></font></td>
            <td width="1">&nbsp;</td>
            <td width="91"><input name="Password" type="password" id="Password3" size="15"></td>
            <td width="47" valign="top"><input type="submit" name="Submit" value="Login"></td>
            <td width="104">&nbsp;</td>
          </tr>
          <tr>
            <td height="0"></td>
            <td width="39"></td>
            <td width="51"></td>
            <td></td>
            <td width="77"></td>
            <td width="9"></td>
            <td></td>
            <td></td>
            <td></td>
            <td></td>
          </tr>
        </table>
      </form>

As you can see, the form posts to a LoginProcess.jsp. That page is situated in another directory (namely "/Member/LoginProcess.jsp"). I did encode the URL, but it would seem that the session is different there.

Now for the problem.

I have a session variable in LoginProcess.jsp that I set when the user successfully logs in. This session variable is supposed to store the authentication level (member, admin, moderator) of the user. Once the setting of the variable is done, I redirect the page back to the root folder's frame (the one housing the form that enables the user to log in). But this time is different: I check the authentication by checking the session variable I set in LoginProcess.jsp. Problem: the value is ALWAYS null....

After some testing, I found out that the session object is always renewed once a page is requested that is not in the same directory as the requesting page (and if the page is redirected back, the original session object takes over).
A graphic representation is as follows:

page A, sessionID A, directory A ----gets redirected into (with URL rewriting)-------->
---> page B ,sessionID B directory B.

What I wish to obtain:

page A, sessionID A, directory A ----gets redirected into (with URL rewriting)-------->
---> page B ,sessionID A directory B.

Is it possible??

If not, is there a way for me (a person using frames) to have a login that enables the user to stay authenticated everywhere he goes in my site (regardless of which page in which directory)?


Thanks. Advice needed urgently.

Eric


Question by:Erctheanda
14 Comments
 
LVL 2

Expert Comment

by:Karaa
ID: 9616567
disable the cookies
In server.xml. "noCookies" set to true
<Context path="/Member" docBase="Member" debug="0"   cookies="false" reloadable="true" crossContext="true">

0
 
LVL 2

Expert Comment

by:Karaa
ID: 9616669
"null" may be if the cookies of the browser have been disabled.

response.encodeURL() will add the session id parameter to the URL if the browser doesn't support cookies. Otherwise, the URL remains the same.
0
 
LVL 2

Expert Comment

by:Karaa
ID: 9616691
Member/classes/SunnyTimes/Member/RetrievePass.jsp
This path is a little confusing, "Member" coming twice? Better to use it once.
0

 
LVL 14

Expert Comment

by:kennethxu
ID: 9617420
As long as Dir A and Dir B are under the same context, that means they belong to the same web application. You should always have the same session regardless of where you are.

Which server and which browser are you using?

Some integrated IDE browsers have big problems tracking sessions; use IE or Netscape to test.

If you still have a problem, post your WEB-INF/web.xml file.
0
 

Author Comment

by:Erctheanda
ID: 9619353
I think my question is misunderstood. Sorry for my expression. English is not my strong point.

The situation is as follows.

I have 2 WARs, WAR A and WAR B, each belonging to their respective EARs: WAR A belongs to EAR A, WAR B belongs to EAR B.

Therefore now I have 2 pages. A.jsp belongs to WAR A. B.jsp belongs to WAR B.

What I am getting:

A.jsp with sessionid AAA --- redirects to---- B.jsp with sessionID BBB


What I want:

A.jsp with sessionid AAA --- redirects to --- B.jsp with sessionID AAA


Can the above be done?

If not, any ideas? The above is to facilitate the login of a member into my site.
The aim is that once he logs in, he won't have to log in anymore regardless of where he goes in MY SITE.

Thanks for the replies, but more help is needed.

Eric
0
 
LVL 14

Accepted Solution

by:
kennethxu earned 1000 total points
ID: 9620196
No, there is no such thing as a session that can be accessed across web apps (or across WAR/servlet contexts; they are all the same thing).

The problem is that you are not using the standard J2EE security, otherwise you should be having such problem, user will only need to log in once and you can get the user credential in all web apps using request.getUserPrincipal() and request.isUserInRole(java.lang.String role) to get the username and determine if the user is in a certain role.

Java web security tutorial:
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html

API:
http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpServletRequest.html
0
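
An added example (not code from the thread) of the container-managed approach the accepted answer describes: the role check that replaces a hand-rolled session variable holding the authentication level. The class name `WhoAmIServlet`, the helper `authLevel`, the role names (taken from the levels the asker lists), the page names and the web.xml fragment in the comment are assumptions; on Tomcat, carrying one login across separate web apps additionally requires the SingleSignOn valve on the Host.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Assumed WEB-INF/web.xml fragment (repeated in every web app that
 * must honour the login):
 *
 *   <security-constraint>
 *     <web-resource-collection>
 *       <web-resource-name>members</web-resource-name>
 *       <url-pattern>/Member/*</url-pattern>
 *     </web-resource-collection>
 *     <auth-constraint>
 *       <role-name>member</role-name>
 *       <role-name>moderator</role-name>
 *       <role-name>admin</role-name>
 *     </auth-constraint>
 *   </security-constraint>
 *   <login-config>
 *     <auth-method>FORM</auth-method>
 *     <form-login-config>
 *       <form-login-page>/login.jsp</form-login-page>
 *       <form-error-page>/loginError.jsp</form-error-page>
 *     </form-login-config>
 *   </login-config>
 */
public class WhoAmIServlet extends HttpServlet {

    // Hypothetical helper: highest level the container grants this caller.
    static String authLevel(HttpServletRequest request) {
        if (request.getUserPrincipal() == null) {
            return "anonymous";   // the container has not authenticated the caller
        }
        if (request.isUserInRole("admin"))     return "admin";
        if (request.isUserInRole("moderator")) return "moderator";
        if (request.isUserInRole("member"))    return "member";
        return "authenticated-no-role";
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/plain");
        response.getWriter().println("user=" + request.getRemoteUser()
                + " level=" + authLevel(request));
    }
}
```

Because the level is derived from the container's role mapping on every request, nothing has to be copied from one web app's session into another's.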
 
LVL 14

Expert Comment

by:kennethxu
ID: 9620223
Sorry, it should read as:
otherwise you shouldn't be having such problem, with java web security, user is only required to log in once and ......
0
 

Author Comment

by:Erctheanda
ID: 9621301
Okie.. thanks Kenneth.

It is possible to use the J2EE security to authenticate users.

But is it possible to add users to a realm programmatically?

Meaning.. is there such a thing as

AddUser(String username, String pass, String Group)

in the API? If not, I would have to manually key in the user's details into the server's database... That would mean every time a person registers at my site, he would have to wait 2-3 days before an admin comes along to add his name into the server??

Please help once more... thanks
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9621593
There is no standard API for user management. SUN leaves this to the J2EE server vendor, so it is server dependent. But this is doable for most servers. Take Tomcat as an example.

By default Tomcat uses an XML file as the user repository, but it can also be configured to use database tables to store user/group info. You can easily use JAXP or JDBC to manage your XML or database user repository programmatically.

Tomcat also comes with an admin app, which not only lets you administrate users/groups from a webapp, but also provides source code to show you how to do it programmatically.

Let me know if you have further enquires.
0
 

Author Comment

by:Erctheanda
ID: 9621901
Is there a docu or URL or guide to tell me how to get the J2EE server (the one that comes with J2EE 1.3.1) to use a database table as a user repository?

Thanks Kenneth for the replies. You have been most helpful. But if I accept your answer now, I would have to close the question. Do bear with me for a while longer.

Thanks again.

Eric
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9622467
I don't use the J2EE reference implementation (J2EE RI). It might be possible to use a database table as the user repository but I don't know how.

Sun's J2EE RI includes a customized version of Tomcat as its servlet container. Unless you want to use EJB and web services, I would suggest using Tomcat directly. The RI was designed to be easy to use. Good for learning and testing, but not for advanced programming, and it definitely should not be deployed to a production server.

If you are planning something for a production environment, look into Tomcat; if you need EJB, try out JBoss.
0
 

Author Comment

by:Erctheanda
ID: 9622493
Many Thanks kenneth. I will look into it.
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9622755
Something just came to my mind.

If the user id is the only information you would like to share across the applications, you might want to consider storing a cookie on the browser side; you can set the cookie to site level. This approach is not so secure because somebody can fake a cookie and gain access to your site. But it could be an easier solution if your site doesn't require strong security.
0
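
An added example (not code from the thread) showing how the forgery risk named in the comment above is usually closed: the site-level cookie carries an HMAC that each web app verifies with a shared key before trusting the user id. The class name `SignedUserCookie`, the value layout, the expiry field and the demo key are assumptions, and the sample values in `main` are constructed.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignedUserCookie {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private final SecretKeySpec key;   // same secret configured in every web app

    public SignedUserCookie(byte[] secret) {
        key = new SecretKeySpec(secret, "HmacSHA256");
    }

    private byte[] mac(String data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        return m.doFinal(data.getBytes(UTF_8));
    }

    // Assumed value layout: base64url(userId) "." expiryEpochSeconds "." base64url(HMAC)
    public String issue(String userId, long expiresAt) throws Exception {
        String body = ENC.encodeToString(userId.getBytes(UTF_8)) + "." + expiresAt;
        return body + "." + ENC.encodeToString(mac(body));
    }

    // Returns the user id, or null when the value is malformed, forged or expired.
    public String verify(String value, long now) throws Exception {
        String[] p = value == null ? new String[0] : value.split("\\.");
        if (p.length != 3) return null;
        try {
            byte[] sent = Base64.getUrlDecoder().decode(p[2]);
            // Check the MAC first, with a constant-time comparison.
            if (!MessageDigest.isEqual(sent, mac(p[0] + "." + p[1]))) return null;
            if (Long.parseLong(p[1]) <= now) return null;
            return new String(Base64.getUrlDecoder().decode(p[0]), UTF_8);
        } catch (IllegalArgumentException e) {   // bad base64 or bad expiry number
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        SignedUserCookie c = new SignedUserCookie("constructed-demo-key".getBytes(UTF_8));
        long now = System.currentTimeMillis() / 1000;
        String good = c.issue("eric", now + 3600);
        // Constructed tampering: swap the user id but keep the old MAC.
        String forged = ENC.encodeToString("admin".getBytes(UTF_8)) + good.substring(good.indexOf('.'));
        System.out.println(c.verify(good, now) + " " + c.verify(forged, now) + " " + c.verify(good, now + 7200));
    }
}
```

The signature only proves the server issued the value; the cookie should still be sent over HTTPS with the Secure and HttpOnly attributes so it cannot be read in transit or by script.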
 
LVL 14

Expert Comment

by:kennethxu
ID: 9622805
My pleasure and thanks for the A grade.
some additional information might help you if you would like to try Tomcat DBrealm:
http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html?page=2 
0
