Solved

Session Variables???

Posted on 2003-11-05
14
657 Views
Last Modified: 2010-04-01
I'm creating a class to hold session variables.  I'm pretty new to jsp so I'll most likely be posting several questions.  My question right now is "What" types of information should I store for session variables?

So far I have

user
password
admin flag
last url

I feel that I'm not tracking enough (although, I am trying to keep it as simple as possible)

Could anyone offer advice.

Points are low so that I can hand out more if necessary.  If not necessar, I'll up the points.

TIA
0
Comment
Question by:dds110
  • 5
  • 3
  • 2
  • +2
14 Comments
 
LVL 15

Accepted Solution

by:
jimmack earned 25 total points
ID: 9688065
You don't want to create your own class for session variables.  You want to use the existing session ;-)

The first three attributes look OK.  Not sure what the last URL is for.  Nothing to stop you storing it though.

Servlet:
HttpSession session = request.getSession();
session.setAttribute("name", object);
Object o = session.getAttribute("name");

JSP:
same, only the "session" is already available.
0
 
LVL 35

Expert Comment

by:TimYates
ID: 9688078
> HttpSession session = request.getSession();

Should be:

HttpSession session = request.getSession( true );
0
 
LVL 35

Expert Comment

by:TimYates
ID: 9688082
(I think) ;-)
0
 
LVL 15

Expert Comment

by:jimmack
ID: 9688084
Good catch Tim.  That will create the session object if it doesn't already exist ;-)
0
 
LVL 1

Expert Comment

by:JNic
ID: 9688380
If you have af jsp with some form-elements that you know you will return to later, it will be a good idea to store these forms in session.

Fx. If you have a Calendar page-and have selected OCTOBER 2004, then you want to do something else (change content of a date), and return to the form.
In this case you could store the selections in session, and when you return to the page reload them.

So:

HttpSession ses = request.getSession(true);
ses.setAttribute("selectedMonth", request.getParameter("month"));
ses.setAttribute("selectedYear", request.getParameter("year));


And later:

HttpSession ses= request.getSession(true);
String month=ses.getAttribute("selectedMonth");
String month=ses.getAttriubte("selectedYear");

Hope it helps,

Nic
0
 
LVL 8

Author Comment

by:dds110
ID: 9688480
OK, going with those thoughts, is the httpsession kinda like an array so that it will store variables from several users?  How does it handle that?
0
 
LVL 1

Expert Comment

by:JNic
ID: 9688829
Well, its closer to a Vector if you want... An array is many different objects of the same kind. The Session-object can store all kinds of objects as attributes.

Another example which does the same as before:

Class CalendarSelection{ // This class contains the selections.
String month;
String year;
   public CalendarSelection(String m, String y){
     month=m;
     year=y;
   }
}


HttpSession ses = request.getSession(true);
CalendarSelection cs=new CalendarSelection(request.getParameter("month", request.getParameter("year");
ses.setAttribute("selection", cs); // now the attribute was the CalendarSelection-object

If you want to know more about Session: http://java.sun.com/j2ee/sdk_1.3/techdocs/api/
and look under HttpSession.

0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Expert Comment

by:dmcreyno
ID: 9688893
The session is on a per user basis. It stores name-value pairs, like a Hashmap. You can store just about anything (small). Everyone gets their own session. In the old day though, it was possible to get a collection of ALL the active sessions on the server, a major security risk (depending on how the session were being used). The javadoc for HttpSession interface still lists the old put/get Value, put being an indication of HttpSession's hash-map roots.
0
 

Expert Comment

by:dmcreyno
ID: 9688981
Here is a snippet from one of tomcat's Session implementations showing that it is in fact a Hashmap, not a Vector.

    /**
     * The collection of user data attributes associated with this Session.
     */
    private HashMap attributes = new HashMap();

0
 
LVL 8

Author Comment

by:dds110
ID: 9689437
OK,

Like I said, i'm pretty new to this.  One of the things I want the session to do is determine if a user has signed in via an html form.  If a user bookmarks a page that needs signing in to, I want to redirect the user to the index page.  Here's some code:

<%@ page import = "java.*, java.io.*"%>
<%
      HttpSession ses= request.getSession();
      File myfile = new File("C:\\Program Files\\Apache Tomcat 4.0\\webapps\\ROOT\\FormsRepository\\sup");
                  File[] files = myfile.listFiles();

                  String x;
                  Object uservar;

                  uservar=ses.getAttribute("user").toString();
                  if(uservar=null){
                              response.sendRedirect("index.shtml");
            }
%>

This code fails at the if block.  What's going on here?

0
 
LVL 1

Expert Comment

by:JNic
ID: 9689451
It has to be  :

if(uservar==null){

not

if(uservar=null){
0
 
LVL 8

Author Comment

by:dds110
ID: 9689678
It now gives me a null pointer exception
0
 
LVL 8

Author Comment

by:dds110
ID: 9689711
All of you have been helpful and patient enough.  You have all given me alot to ponder and research.  I will award the points now.

jimmack will get the points here.

jnic
dmcreyno
timyates will all have a new question with their points posted.

Thanks a lot.  I'll be back with more later.

DDS

0
 
LVL 8

Author Comment

by:dds110
ID: 9697733
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
We have come a long way with backup and data protection — from backing up to floppies, external drives, CDs, Blu-ray, flash drives, SSD drives, and now to the cloud.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now