Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / June 2005

Tip: Looking for answers? Try searching our database.

In servlet: Given session-ID, how to retrieve session object?

Thread view: 
Enable EMail AlertsStart New Thread
Robert Maas, see http://tinyurl.com/uh3t - 05 Jun 2005 21:23 GMT
I'm writing a J2EE HttpServlet. The user logs in, gets a menu back,
then clicks on something in the menu to invoke some particular servlet
task. If cookies are enabled, the J2EE servlet container uses the
jsession (or something like that) cookie to retrieve the same old
session object on each HTTP connection. But if cookies aren't enabled,
a new session object is constructed on each new HTTP connection. But
within the form filled out by the user, there's a hidden field
containing the session ID, so even when cookies aren't enabled the
servlet knows the correct session ID and can perform stateless queries
for this user. The application stores login status in a table in a
database, so recognizing the session ID is valid, and from that knowing
which user is re-connecting, is no problem. Also for simple textual or
numeric data that needs to be retained from connection to connection,
storing the data, associated with the session-ID as a key, in the
database, is no problem. But what if I want to store a more complex
Java object in the session object and retrieve it upon
HTTP-reconnection? Is there any way the servlet can query the J2EE
servlet container to find out whether this known session-ID is
associated with any still-existing session object, and if so return
that session object so the servlet can then retrieve Java objects that
had been previously stored in it? I looked in the API spec for
HttpSession, HttpServlet and even HttpServletRequest, but I didn't find
any such method anywhere in there. Anybody know any such? I would hate
ot have to serialize an object and write the serialization as one
humungous varchar to a database, maybe broken into many pieces to fit
the maximum varchar allowed in CloudScape (here where I'm developing
the program) or MicroSoft ACCESS (on campus where I must demo it), or
write the serialization to a disk file in the system temporary
directory and put the filename in the database.

(Note, I'm using Java version 1.3.1 here, if that makes any difference.)
(and version 1.4.1 on campus, so whatever must work in both.)
Reply to this Message
Neill - 06 Jun 2005 02:07 GMT
2 thoughts come to mind,

1) URL rewriting should accomplish session retention, and is an accepted
practice. It sounds as though you are intentionally not requiring a valid
session. Since this appears to be the case, and since the problem appears to
be one of session persistence, you could

2) persist the session to a relational database as you've suggested. Does it
need to be a varchar, or can it be a BLOB, or CLOB?

I haven't ever attempted #2, but there's no reason you couldn't do it, and I
would be interested to know how it works out for you.

Signature

Neill Laney
http://www.laneyconsulting.com

Reply to this Message
Robert Maas, see http://tinyurl.com/uh3t - 26 Jun 2005 01:17 GMT
> From: "Neill" <NO@SPAM.com>
> URL rewriting should accomplish session retention, and is an accepted
> practice.

Indeed at one point I manually explored the url rewriting features in
J2EE to get a feel for what they did, namely attach the
 jsession=4392gijh3w0iochgtiuo4hgui0
(tag always the same, value is whatever the session ID was) after
question mark after the URL. I was thinking of doing something like
that to be consistent with the way J2EE works.

> It sounds as though you are intentionally not requiring a valid
> session.

I suspect the difference between J2EE (where I developed the servlet
and where I had no problems regarding session ID, always had it around)
and Tomcat (sans the rest of J2EE, where I tested the same servlet and
had the problem in certain cases such as when user typed user name and
password but was already logged in under another session ID). Perhaps
J2EE maintains sessions better than Tomcat by itself?

> persist the session to a relational database as you've suggested.
> Does it need to be a varchar, or can it be a BLOB, or CLOB?

I only slightly heard of those and never had a use for them, so I don't
even know whether they'd be available in a compatible way in both
CloudScape and MicroSoft ACCESS. If I were still working on servlets, I
might give them a try.
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.