On Thu, 15 Nov 2001, Deacon Marcus wrote:
> Date: Thu, 15 Nov 2001 06:52:57 +0100
> From: Deacon Marcus <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: Tomcat Users List <[EMAIL PROTECTED]>
> Subject: RE: Tomcat to read cookies on session start?
>
> Hi,
>
> > -----Original Message-----
> > From: Jeremy Pierson [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, November 15, 2001 4:52 AM
> > To: [EMAIL PROTECTED]
> > Subject: Tomcat to read cookies on session start?
> >
> >
> > I need to create a new object and load it into the session attributes
> > whenever a new session is created. To make this more interesting, this
> > object needs to check for information stored in a cookie sent by the
> > browser (stored from a prior visit) and fetch any related information
> > from a database.
> >
> > I can use a HttpSessionListener to create an object and add it to the
> > session whenever a new session is created, but the SessionListener (and
> > the Session it gives access to) do not give access to an
> > HttpServletRequest object. So how can I check for cookies or even the
> > RemoteUser? These two required resources ARE available in the
> > HttpServletRequest object, but there is no means of getting to that
> > object from an HttpSessionListener, is there?
> >
> > Is a servlet Filter my only option? I'm running Tomcat 4.0.1.
> >
> > In case you're wondering, I don't want to *require* users to login to
> > make these saved settings available, if they choose to use cookies.
> > They are only required to login to perform tasks that modify certain
> > data, or read restricted information.
> >
> > Many thanks in advance!
> >
> > -jeremy-
>
> IMO the best option would be to create a filter checking if(
> session.isNew() ) { doSomething(); }. Of course, that'd make it 2.3-only.
>
> BTW, that's a very good point - when session is created, it's created
> because of an incoming request, so it would be a nice addition something
> like HttpSessionEvent.getRequest() to get the request causing session's
> creation in HttpSessionListener.sessionCreated()? Anyone working on Servlets
> 2.4 specs here, what do you think?
More precisely, a session is created because the application told it to --
by calling request.getSession() -- not because the request happened to
come in. I would put the cookie-reading logic in the same place that the
session-creation logic lives.
>
> Greetings, deacon Marcus
>
Craig
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
