Servlet getRemoteUser

Posted on 2004-08-25
Medium Priority
Last Modified: 2013-11-24
Currently i have been using this technique where when a user logs into my site which is through a servlet, i call request.getRemoteUser() which returns a string of their ip address.  I then use that IP address to do a lookup in my user table to see when this ip address last logged on and as which user, so that i can set the user to that previous choice. I didnt want to use a cookie.  Anyhow, the problem has started where i have two users behind the same firewall. Both users are showing up with the same IP which looking back on it, now is what i would expect. Is there "any" other value of something i could extract that would give me something unique about that user that i could work with in this situation to tell who they are?

Question by:Hokester
LVL 86

Expert Comment

ID: 11896992
No ;-)
LVL 92

Expert Comment

ID: 11897931
Not really, and there are other conditions where this will also occur.
Why don't you want to use cookies, again not guaranteed but will improve your coverage.
LVL 21

Accepted Solution

MogalManic earned 500 total points
ID: 11898130
The J2EE specification already has this functionality built into the Servlet API.  The request.getSession(TRUE) will create the session object automatically.  If cookies are enabled the sessionID will be stored as a cookie on the client.  If the client has cookies turned off, the servlet will use URL rewriting.  

If you can't or do not want to use the Servlet API (for example you don't want to create cookies), then you could implement the session functionality using URL rewriting.   Your servlet code would be something like this:

String sessionID=request.getParameter("UserSessionID");
if (sessionID==null) { //User is using a new session
  AppUserSession UserSession=AppUserSession.findUserSession(sessionID);
  //Process logged in user's request

The class AppUserSession would look something like this:
public class AppUserSession
      * Rewrite the url to contian the session ID as a parameter
    public static String encodeURL(String url)
         String userID=...// Some code to generate Unique ID (i.e. hash of the user's IP address plus system clock time)
         SessionMap.put(userID, new HashMap());  //Probably should be readonly Map instead
         return url + (url.indexOf("?")>-1 ? "?" : "&")+"UserSessionID="+userID;

   public static Map findUserSession(String sessionID)
      return sessionMap.get(sessionID);
    //...Other functions as necessary

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
A discussion about automated testing of Web Applications utilizing Selenium, along with illustrated configuration steps for the Jenkins open source tool.
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
Suggested Courses

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question