Howdy, >Here's the scenario: Im working on some image display code. The images >are downloaded via '<img src="http://servlet?img=id";>' from a servlet. >Im trying to block people from linking to the images by calling this >from a .jsp wherein I call 'setAttribute()' somewhere to make it a >'valid' session. > >The problem seems to be specific to this servlet. Other .jsp code seems >to be able to share attributes with servlets, beans, etc with no >problem. > >Any suggestions what Im doing wrong?
If the problem is specific to a servlet, carefully examine that servlet for thread-safety-related issues. Consider an alternative approach for preventing users from accessing the servlet directly: perhaps a security-constraint or a simple filter, rather than the servlet itself doing the checking? Yoav Shapira > >-----Original Message----- >From: Ben Souther [mailto:[EMAIL PROTECTED] >Sent: Monday, January 12, 2004 10:23 AM >To: Tomcat Users List >Subject: Re: communication issue between .jsp and servlet > > >Also make sure that you have session cookies enabled in your browser. > > >On Monday 12 January 2004 01:00 pm, Shapira, Yoav wrote: >> Howdy, >> Are you sure it's the same session? (Check it's ID in the JSP and >> servlet). >> >> Yoav Shapira >> Millennium ChemInformatics >> >> >-----Original Message----- >> >> From: jon yeargers [mailto:[EMAIL PROTECTED] >> >> >Sent: Monday, January 12, 2004 12:57 PM >> >To: [EMAIL PROTECTED] >> >Subject: communication issue between .jsp and servlet >> > >> >Im hoping to restrict access to a servlet object by setting a session > >> >attribute in the valid .jsp and looking for it in the called servlet. > >> >Unfortunately the object doesn't seem to be transferring properly. >> > >> >Are there issues with using: >> > >> ><% >> >HttpSession sessionObj = request.getSession(); >> >sessionObj.setAttribute("something", new Boolean(true)); >> > >> >/*** some code here to call servlet - form or similar **/ >> >%> >> > >> >in my .jsp and then calling: >> > >> > >> >protected void doPost(HttpServletRequest request, HttpServletResponse >> >response) >> >throws ServletException, java.io.IOException >> >{ >> > HttpSession sessionObj = request.getSession(); >> > Boolean b = (Boolean)sessionObj.getAttribute("something"); >> > >> > >> >} >> > >> > >> >For some reason I keep turning up a null obj in the servlet. Ive >> >tried enumerating all the sessionObj and its all turning up null. >> > >> >This seems pretty straightforward.. what am I doing wrong? >> >> This e-mail, including any attachments, is a confidential business >> communication, and may contain information that is confidential, >> proprietary and/or privileged. This e-mail is intended only for the >> individual(s) to whom it is addressed, and may not be saved, copied, >> printed, disclosed or used by anyone else. If you are not the(an) >> intended recipient, please immediately delete this e-mail from your >> computer system and notify the sender. Thank you. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] > >-- >Ben Souther >F.W. Davison & Company, Inc. > > > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
