1 - What is the "correct url"? The right url (example:
http://userip/tomcatappdirect/first.jsp) which generated a http request to
my servlet. This way, the user cant directly reach my servlets. So, i guess
i can create a session in my JSP FORM like this:
HTTPSession se = request.getSession(true);
se = req.setAttribute ("idsessionconnection", session.getId());
and then, retrieve it in the destination servlet:
...
HTTPSession session;
String sValue = session.getId();
String id = (String) request.getAttribute("idsessionconnection");
if (sValue.equals(id)){ ...
So, the question is: since you know my needs, is the above code right?
If yes, it solve the item 2 too.
Regards, Euclides.
-----Mensagem original-----
De: Jacob Kjome [mailto:hoju@(protected)]
Enviada em: terca-feira, 3 de junho de 2003 18:29
Para: Tomcat Users List
Assunto: Re: RES: Best Practice: choose between SessionCookie or just
Session
At 04:04 PM 6/3/2003 -0300, you wrote:
>Jacob and James,
>thanks a lot for your attention!I just need 2 things:
>1 - find out who generated the http request , so i could compare it against
>the correct url.
What is the "correct url"? You have some application logic that I am not
aware of. I can't really help you out until you detail what you mean here.
>2 - to avoid direct http request ( i.e, from browser ), so i would create a
>session id in the prior JSP and then, search for it into my servlet ( the
>destination ). Is it clear?
What do you mean "avoid a direct http request"? What is your purpose
here? I'm afraid it isn't very clear.
Jake
>Regards,
>Euclides.
>
>
>
>-----Mensagem original-----
>De: Jacob Kjome [mailto:hoju@(protected)]
>Enviada em: terca-feira, 3 de junho de 2003 12:19
>Para: Tomcat Users List
>Assunto: Re: Best Practice: choose between SessionCookie or just Session
>
>
>
>I think you are mixing concepts together. The session cookie simply
>provides an id that uniquely points to a session. This can also be
>replaced using URL rewriting of the session id. You don't directly
>manipulate the session id. This is handled by the container. You just
>grab a session and start adding stuff to it and reading stuff from it.
>
>If you are talking about a "remember me" feature, you could place a cookie
>on the client which is completely and utterly separate from the session
>cookie which stores some information about how to automatically re-log in
>without user intervention.
>
>I think the latter is what you are looking for.
>
>Jake
>
>At 11:48 AM 6/3/2003 -0300, you wrote:
> >Hi , friends. This is a important best practice question for me. My
project
> >has a web form which is showed and filled ( by the user) after an
external
> >authentication process. The question is: should i generate a session
Cookie
> >that will be recovered by my following servlet or just generate any
session
> >parameter ( which will be recovered later too ), since i guess i only
need
> >to control the whole internal process.
> >Thanks in advance,
> >Euclides.
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
> >For additional commands, e-mail: tomcat-user-help@(protected)
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
>For additional commands, e-mail: tomcat-user-help@(protected)
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)
