Todd McGrath wrote:
>
> Perplexed by a problem I'm having:
>
> I have a custom login solution that writes a string to
> a user's HttpSession Object:
>
> session.setAttribute("login", new
> java.util.Date().toString());
>
> In the app, I have a controller servlet that checks
> for this session attribute with each request:
>
> Object done = session.getAttribute("login");
> if (done == null) {
> res.sendRedirect(relogin); ...
These are not exactly answers on your question, but some thoughts came
as I was reading it.
Why are you using sendRedirect() method instead of RequestDispatcher
object ? The one reason doing so I see would be to redirect *outside* of
your web app, but that solution wouldn't set any objects with "session"
scope. Thus, it's not your case. Do you work with Servlet 2.2 compatible
servlet container ? If so, read on...
The difference between them (sendRedirect and RequestDispatcher) is that
sendRedirect sends back to a browser a response that it should redirect
its request to another page/site which implies another request will be
sent by a browser. On the other hand, RequestDispatcher gives you
possibilities to send a request forth and back (no matter how many
times) between web components just on the server side rather then
forcing to exchange information through the net as in previous case.
I'd rather write:
if (done == null)
getServletContext.getRequestDispatcher(relogin).forward(req, res);
assuming that req and res are HttpRequest and HttpResponse objects
respectively.
> Also, I'm noticing a difference in the URL when I move
> around the site in a SSL session now. URLs now look
> like:
>
>
>https://protected.company.com/Action?cmd=myaccount;jsessionid=Oa6HTKaeJpki3ZNlC_zHuKUEu80WAyXKdC7qPTT4plE=
>
> I never had the "jsessionid=0a6H...." before.
That's described in Servlet specification
(http://java.sun.com/products/servlet). jsessionid is reserved cookie
name being visible when your application uses HttpSession, but a client
(i.e. browser) doesn't support cookies. In that case, technique called
URLRewritting is being used and all it does is to rewrite URL so the new
URL includes jsessionid and a session is preserved.
> -Todd
Jacek Laskowski
