In the general case, HttpSession objects are server specific. An HttpSession
object on server1 cannot be used by server2. (Exception: when using a
load-balancing system, the various servers share session information). There
still seems to be a piece missing: where is updateServlet? Server1? Server2?
Server X?
I assume the cookie is sent by the loginServlet to the handlerServlet based on
the userid and password in the URL. The cookie contains the session id for the
userid, which is then passed by handlerServlet to updateServlet; updateServlet
attempts to get the session based on the session id. Again, if updateServlet is
on a different server from loginServlet, this won't work.
Your architecture should work, I think you just need to get away from the idea
of sharing sessions. I suggest you consider creating the session in the
handlerServlet. Use the session to store any state needed by the system. Then
when handlerServlet calls the various servlets in the system, it passes the
required Objects from the session by passing the objects as part of the request.
If you are using HttpUrlConnection to call the other servlets, you can simply
write the objects to the stream. If you are using
RequestDispatcher.forward(HttpServletRequest, HttpServletResponse), then add the
objects to the request object with getAttribute/setAttribute. If all clients
call handlerServlet first, handlerServlet is the best place to create the
session.
K Mukhar
tong rong wrote:
>
> Hi,
> Maybe my code snip is not complete enough. The loginServlet and handler servlet
> are on the different server, that is I call them
> by:http://server1.com/servlet/loginServlet and
> http://server2.com/servlet/handlerServlet.
> In loginServlet, I have created the session and put user login information in
> session:
> loginServlet:
> doGet(HttpServletRequest req,HttpServletResponse resp) throws ServletException
> {
> HttpSession session=req.getSession(true);
> //read login parameter and validate it
> .....
> session.putValue("userid",userid);
> ....
> }
> In handlerServlet, I read loginServlet's session by:
> {
> URL url=new
> URL("http://server1.com/servlet/loginServlet?userid=test&password=test");
> URLConnection conn = url.openConnection();
> HttpURLConnection httpConn = (HttpURLConnection) conn;
> String cookieHeader = httpConn.getHeaderField("set-cookie");
> String lastCookie="";
> if(cookieHeader != null) {
> int index = cookieHeader.indexOf(";");
> if(index >= 0)
> lastCookie = cookieHeader.substring(0, index);
> }
> .....
> }
> Then send this cookie to updateServlet by the code snip I posted already. Does
> Mukhar mean I should create session in handlerServlet? Please help me. Thanks.
>
> Kevin Mukhar wrote:
>
> > No, that's not correct.
> >
> > "Srini Sathya." wrote:
> > > when u have already created a session and want to u that session in ur
> > > future pages, use
> > >
> > > req.getSession(false)//Pls Note here false instead of true.
> >
> > Using either true or false should not affect whether a previously created
> > session is returned by the getSession method. If a session was previously
> > created, getSession will always return the existing session (assuming it has not
> > timed out and the session id was correctly passed by the client). If a session
> > was not previously created, then getSession(true) will create a new session,
> > getSession(false) will return null.
> >
> > I suspect that the problem of the original poster is that the session id is not
> > being passed correctly. The code snippet does not seem complete enough to
> > determine what is going on. Either the handler servlet or the login servlet
> > needs to create the session. The code does not show that occuring. After the
> > session is created, the servlet container normally manages passing the session
> > id to the browser (assuming the browser is accepting cookies). When the client
> > next calls handler servlet, it will pass the session id back, allowing the
> > handler servlet to get the correct session. Assuming updateServlet is on the
> > same server, the same should hold true to updateServlet.
> >
> > K Mukhar
> >
> > "Srini Sathya." wrote:
> > >
> > > when u have already created a session and want to u that session in ur
> > > future pages, use
> > >
> > > req.getSession(false)//Pls Note here false instead of true.
> > >
> > > >From jsdk2.1 docs
> > > ------------------
> > >
> > > --Start of Snip--
> > > Returns the current HttpSession associated with this request or, if
> > > necessary, creates a new session
> > > for the request. Use true for create to create a new session, or false to
> > > return the current HttpSession.
> > >
> > > If create is false and the request has no valid HttpSession, this method
> > > returns null.
> > >
> > > To make sure the session is properly maintained, you must call this method
> > > at least once before you
> > > write any output to the response. Newly created sessions (that is, sessions
> > > for which
> > > HttpSession.isNew returns true) do not have any application-specific state.
> > >
> > > Parameters:
> > > true - to create a new session for this request; false to return the
> > > current session
> > > Returns:
> > > the HttpSession associated with this request or null if create is
> > > false and the request has no
> > > valid session
> > >
> > > --End of Snip--
> > > Hope this helps
> > > Srini
> > >
> > > -----Original Message-----
> > > From: tong rong [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, July 31, 2000 11:54 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: session tracking problem in doGet
> > >
> > > Hi,
> > > I am writing a servlet handler program. The process is: when user login,
> > > my
> > > handler servlet read login information and pass them to loginServlet, save
> > > loginServlet's sessionId and display result. Then user can edit his account
> > > through Get method of 'updateServlet '. My handler servlet will pass
> > > loginServlet's sessionId to updateServlet.
> > > But when I use req.getSession(true) in updateServlet, what I got is
> > > different with the sessionid i sent. Please help me.
> > > Here is my code:
> > >
> > > handlerServlet:
> > > public sendGetData(String lastCookie)
> > > {
> > > URL url=new URL("/servlet/updateServlet?Change=add");
> > > URLConnection con = url.openConnection();
> > > con.setDoInput(true);
> > > con.setUseCaches(false);
> > > if(lastCookie!=null)
> > > con.setRequestProperty("cookie", lastCookie);
> > >
> > > InputStream in = con.getInputStream();
> > > Reader reader = new InputStreamReader(in);
> > > this.reader = new BufferedReader(reader);
> > > }
> > >
> > > updateServlet:
> > > doGet()
> > > {
> > > HttpSession session=req.getSession(true) ;
> > > String sessionId=session.getId();
> > > ....
> > > }
> > >
> > > Thanks in advance
> > >
> > > rachel
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
