• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 492
  • Last Modified:

Servlet getRemoteUser

Currently i have been using this technique where when a user logs into my site which is through a servlet, i call request.getRemoteUser() which returns a string of their ip address.  I then use that IP address to do a lookup in my user table to see when this ip address last logged on and as which user, so that i can set the user to that previous choice. I didnt want to use a cookie.  Anyhow, the problem has started where i have two users behind the same firewall. Both users are showing up with the same IP which looking back on it, now is what i would expect. Is there "any" other value of something i could extract that would give me something unique about that user that i could work with in this situation to tell who they are?

Thanks!
0
Hokester
Asked:
Hokester
1 Solution
 
CEHJCommented:
No ;-)
0
 
objectsCommented:
Not really, and there are other conditions where this will also occur.
Why don't you want to use cookies, again not guaranteed but will improve your coverage.
0
 
MogalManicCommented:
The J2EE specification already has this functionality built into the Servlet API.  The request.getSession(TRUE) will create the session object automatically.  If cookies are enabled the sessionID will be stored as a cookie on the client.  If the client has cookies turned off, the servlet will use URL rewriting.  

If you can't or do not want to use the Servlet API (for example you don't want to create cookies), then you could implement the session functionality using URL rewriting.   Your servlet code would be something like this:

String sessionID=request.getParameter("UserSessionID");
if (sessionID==null) { //User is using a new session
   response.setRedirect(AppUserSession.encodeURL("/MyApp/loginPage.jsp");
}
else
{
  AppUserSession UserSession=AppUserSession.findUserSession(sessionID);
  //Process logged in user's request
}

The class AppUserSession would look something like this:
public class AppUserSession
{
    /**
      * Rewrite the url to contian the session ID as a parameter
      */
    public static String encodeURL(String url)
    {
         String userID=...// Some code to generate Unique ID (i.e. hash of the user's IP address plus system clock time)
         SessionMap.put(userID, new HashMap());  //Probably should be readonly Map instead
         return url + (url.indexOf("?")>-1 ? "?" : "&")+"UserSessionID="+userID;
    }

   public static Map findUserSession(String sessionID)
   {
      return sessionMap.get(sessionID);
   }
    //...Other functions as necessary
}
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now