How to do session tracking in JSP

Similar Messages

• How to manage session tracking in jsp

  how to track user account upto when he log out from the application. and tell me how to develop secure page.

  You've posted this to the wrong forum: this forum is about Java Web Start, which is a product of Sun Microsystems.

• How to use session object in jsp

  hi all
  marry christmas
  can anyone plz tell me how to use session obect in jsp
  rachna
  Message was edited by:
  rachna_arora82

  hi rachna,
  JSP has a default(implicit) session object...... use the getSession(true) method on the session object and then going u can either get or set attributes depending on the requirement
  That was in general and now with the issue u have got..... what u can do is that the u can create session for every user who logs in and when he/she tries to login again then u can probably check for the existing session object in the JSP and perform the logic as required..... any clarifications plzzzzzzz let me know
  Thanks n Regards
  Naveen M
  Message was edited by:
  Novice_inJAVA
  Message was edited by:
  Novice_inJAVA

• How to use session tracking

  i am making shopping mall project .
  ist page conatins list of product avaiale
  2nd page contains list of manufacturuer avaible
  problem:-
  i want to display on 3rd page the product seleted by user in 1st page
  i used session tracking concept.but problem is the value is coming null in third page
  please tell me how to solve my problem

  If it is like a shopping cart, I suggest you to look for a good shopping cart examples available plenty online.
  But if its just about keeping session variables and using them the following works.
  Test with a simple example. Have three jsp files like a.jsp, b.jsp and c.jsp.
  put the following in a.jsp
  <% session.setAttribute("Mobile","Nokia");%>
  <%=session.getAttribute("Mobile")%>
  <a href="b.jsp">Go to B.jsp</a>Print the value of session variable - <%=session.getAttribute("Mobile")%> in b.jsp and c.jsp
  And in b.jsp have a link to c.jsp and so on. Once you set a session variable, it lives as long as your session doesnt expire.
  Try it. and also look for more session tracking examples online.
  Message was edited by:
  passion_for_java

• How to use session variable in JSP function  & How to use both JSP  Servlet

  Hi,
  I am new to JSP and servlets
  Still I am devloping a website in JSP. I am not mixing JSP with servlets, but I do create Java files for bean, logic and database works.
  I try to keep the hard coding part out of JSP.
  I dont how to use both JSP and Servlets in combination.
  Hence If needed I write some functions in JSP.
  but it gives me error
  +<%! public void abc()+
  +{+
  int intUserId = Integer.valueOf((Integer) session.getAttribute("MySession_UserID"));
  +}+
  +%>+
  Saying cannot find symbol session
  1) So can u please tell how can I access session variables within JSP function
  2) And also give me some links/tutorials about useing both JSP and Servlets in combination.
  Thanks
  Venkat

  The application architecture when you use Servlets and JSP in a standard MVC pattern is explained here (under the heading "Integrating Servlets and JSP Pages") and here ...

• How to retrieve sessions variables in JSP

  hi,
  I am trying to retrieve session variable from servlet to JSP.
  In the servlet i am retrieving employeenames from database and storing them in a ArrayList variable then i am setting this variable into the session.
  When retrieving the session in the jsp it displays as [empname1, empname2].
  Please help how to retrieve them
  Thanks in Advance,
  sha

  At the servlet:
  ArrayList<String> employeeNames = new ArrayList<String>();
  employeenames.add(blahBlahblah);
  session.setAttribute("eNames", employeeNames);
  At the JSP:
  ArrayList<String> names = (ArrayList<String>) session.getAttribute("eNames");
  for (String nom : names) {
  do something with the name stored in String variable nom...
  }

• How to update session in processLaunch.jsp

  Hi,
  When i am creating End user form, i have
  createuser
  edituser
  selfservice
  in the form, when i click first 'createuser' processLaunch.jsp redirect to 'createuser' form based on attributes in request object.
  Then i click 'back' button then click on 'edituser' still it goes to 'createuser' form.
  How to update session or use request object to change.
  my code.
  <%@ page import="com.waveset.session.Session,
  com.waveset.session.UserViewConstants,
  com.waveset.ui.util.PageProcessor,
  com.waveset.ui.util.RequestState,
  com.waveset.ui.web.task.TaskLaunchForm,
  com.waveset.ui.LoginHelper,
  com.waveset.view.ProcessViewer"
  %>
  <%@ include file="../includes/headStartUser.jsp" %>
  <%
  String pageTitle = req.getLocalizedString("UI_LAUNCH_PROCESS", _locale);
  String bodyAttributes = "onload=\"selectFirstEditField();\"";
  TaskLaunchForm form = new TaskLaunchForm();
  try {
  // should we let the process view specify its own title?
  form.setTitle(pageTitle);
  form.setSubTitle(req.getLocalizedString("UI_LAUNCH_PROCESS_INFO", _locale));
  form.setPostURL(response.encodeURL("user/processLaunch.jsp"));
  form.setNextURL("user/main.jsp");
  form.setWorkItemURL("user/workItemEdit.jsp");
  // let the view know we're in the end-user gui
  req.setOption(ProcessViewer.OP_END_USER, "true");
  String url = form.process(req);
  if ( url != null ) {
  LoginHelper.redirect(req, out, url);
  return;
  catch (Throwable th) {
  form.addError(th.getLocalizedMessage());
  %><%= com.waveset.util.Util.stackToHtmlComment(th) %><%
  %>
  <%@ include file="userHeader.jsp" %>
  <%= form.generateHTML() %>
  <%@ include file="userFooter.jsp" %>
  <%@ include file="../includes/poolSession.jsp" %>
  it is urgent , pls. let me know.
  thanks

  in the jsp, set the scope to request. it might help. u might also want to re-direct it to a new jsp which is a copy of the existing processLauch.jsp to avoid fiddling around with the old one. :)

• Session tracking in JSP pages

  I've two pages in my web application which need regular refresh after a particular interval.I'm using
  (session.setMaxInactiveTime) to check the session validation.& HTML's <META> tag to regularly refresh the page after particular interval.
  On these two pages there are links to the different pages for which i'm opening a new window.
  But i'm losing the session after some time & i'm not able to catch the source from where the session is getting invalidated.even when i'm using meta tag of html to refresh the page.
  I'm also using HttpSessionEventListener Interface to know when the session.putValue & session.removeValue
  functions are used.
  I hope the problem is clear to you people.
  an urgent help/suggestion will be appreciated.
  thanks in advance

  Hi,
  it isn't easy see your problem. When you losing your session? When you hava open a link from your page i a new browser window (instance) and return?
  Also check follow: when no validate session exist, a jsp open a new session, else you use <%@ page session="false" %>
  Roland

• How to use Session scope in jsp page

  Hello, I have login form, where user provides username and password. Then click on submit, it will forward to validation.jsp. Where it will check in database make sure username and password exit. Now i can also retrive accountid of perticular user. I want to put that username and accountid in session scope. so all other pages can use that username and accountid. How can i do that. I'm new at this, so please provide me example too. Here is my code for login.jsp and validation.jsp..
  Validation.jsp
  <%@ page import="java.util.*" %>
  <%@ page import="java.sql.*" %>
  //String name = request.getParameter( "username" );//
  //session.setAttribute( "accountID",accountID );//
  <%
  String connURL = "jdbc:oracle:thin:@orca.csc.ncsu.edu:1521:ORCL";
       Connection conn = null;
       Statement stmt = null;
       ResultSet rs = null;
  Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();
  conn = DriverManager.getConnection(connURL, "vapatel","pjdas");
  stmt = conn.createStatement();
  String user=request.getParameter("userName");
  String password=request.getParameter("password");
  boolean entrance=false;
  stmt.excuteQuery("SELECT AccountID From Password WHERE USERNAME='"+user+"'");
  rs = stmt.executeQuery("SELECT * FROM Password WHERE USERNAME='"+user+"' AND PASSWORD='"+password+"'");
  while(rs.next()){
  String dbUser = rs.getString("USERNAME");
  String dbPassword= rs.getString("PASSWORD");
  if ((user.equals(dbUser)) && (password.equals(dbPassword))){
  entrance=true;
  if (entrance==true){%>
  <jsp:forward page="form.jsp"/>
  <%}
  else{%>
  <jsp:forward page="login.jsp"/>
  <%}
  %>

  hi,
  to put something into session scope in a jsp page use:
  session.setAttribute("counter", Integer.toString(5));to retrieve is from a jsp page use:
  String counterAttribute = (String)session.getAttribute("counter");

• Session tracking in JSP

  hi,
  we have used JSP and JavaBeans in a simple employee database kindof application. each employee has a manager and some details. an employee logs into the system using his employee id and a password and performs related tasks.
  we are unable to maintain session details for the same. we have a login bean which contains the employee id and password and these details are forwarded to each JSP page when required but somehow the data is getting mixed up. for instance, if two users sign in at the same time then the data for the two is gettign mixed up and there is no demarcation for the same.
  can anyone help me with this ?
  thanks in advance

  If you are using a bean to maintain user data, then declaring this with session scope is all you need to do to keep the information seperate.
  Make sure that data the bean accesses is not shared in any way, for example, if you use a common class to access the database, make sure each bean instantiates its own copy.
  Are you testing this with two users on different machines? If testing on one machine, firefox does not allow multiple sessions, IE does.

• Disable non-SSL session tracking?

  Hi, all,
  I wonder if one can disable all session tracking in JSP's whenever SSL is not being used? I would like to turn off all cookie-setting and URL-rewriting and use SSL-session tracking only (if I use session-tracking at all on a given page). I also want to specify this behavior programmatically (inside my JSP's) and not in my server's config files.
  I'm basically concerned that if my user leaves one of my HTTPS pages, they will still retain a non-secure cookie with their session information. This seems to be indeed the default behavior: when I run my tests and transition from an HTTPS page to an HTTP one, the browser does store a cookie. I know I can invalidate the session as the next step, but I'd rather have the cookie not being set altogether to begin with. Imagine the situation where the user leaves my HTTPS page for a totally different (HTTP) website: in this setting I won't get a chance to invalidate the session and delete the cookie.
  Any ideas, therefore, on how to programmatically disable non-SSL session-tracking?
  Thanks,
  Dmitri.

  I don't think you can do this programatically.
  However I also don't think it is a problem.
  Cookies are related to zone names aren't they?
  http://mysite and https://mysite are two different
  zones as far as cookies are concerned. One should
  not be able to see the other.
  It issues a new cookie for the http site you are just
  navigating to. That cookie has nothing to do with
  the secure site you just came from, and shouldn't be
  able to tell them any info about the secure site.
  I think you are worrying about something that isn't
  really there.
  What is your concern? That they pick up a JSESSIONID
  from the cookie and can then pretend to be a
  different user?Yes. A cookie is transmitted and stored unencrypted, I imagine (in any case, it should be more easily crackable than SSL). I wish Sun came up with an extension to the Session API where you would be able to explicitly specify which session-tracking protocols you want used and which ones you don't. At the moment their API abstracts and manages too much detail for you.
  I mean, if my site is supposed to be secure while I'm using SSL, then you'd expect that no information about those secure sessions should leak outside the SSL protocol, wouldn't you say?

• Calling Session Beans in JSP ?

  Hi Folks,
  I am new to EJB3, I am doing simple applicatuions.
  Can any one please tell me how to call session beans in jsp page.
  for example my case is.. iam entering two diffrent data, lets say user name and password in jsp page and this should go in data base thru JPA (entity beans)
  Iam able to enter data from JPA in data base but if the same i have to fetch from JSP page.. iam not getting..!
  I would really appretiate for your help i need it urgent...!
  thanks in advance.

  abishek1983 wrote:
  Hi Folks,
  I am new to EJB3, I am doing simple applicatuions.
  Can any one please tell me how to call session beans in jsp page.
  Not. You can, technically, but you shouldn't. JSP should be for display purposes only, containing no Java code whatsoever.
  for example my case is.. iam entering two diffrent data,Wrong. You cannot possibly have "2 data", the very concept is impossible.
  You can have "2 data items" which is probably what you intended to say?
  lets say user name and password in jsp page and this should go in data base thru JPA (entity beans)
  Iam able to enter data from JPA in data base but if the same i have to fetch from JSP page.. iam not getting..!
  Same way you insert them. Of course JPA entities are distinctly different from entity beans. The very concept of entity beans no longer exists in the context of JPA, it's solely used to mean EJB 2.1 or earlier entity beans.
  I would really appretiate for your help i need it urgent...!
  It's not urgent.

• Session Tracking problem

  I am doing session tracking in jsp. what my purpose is i want to stop the user, if the user is already logged in.
  For this, i am creating a Hashtable and entering the user id and session id as key- value pairs into the hashtable when the user is loggin in, if not in the hashtale. If these values are already in the hashtable, i am restricting the user.
  when the user selects the log out option, i am invalidating the session and deleting the values in the hash table. this is working fine.
  What my problem is suppose if the user closes the window, the session will be expired. but,i am not able to delete the values which are in the hashtable.
  and if the user is trying to log in, according to my logic it is allowing the user.
  Thanks
  Anupama

  i hope this would add-up to others' suggestion, albeit, i would recommend a bit change:
  Given:
  a. you're already implementing a session object that has pair value of user id and session id;
  b. you want to restrict a user who previously logged-in but, say he/she accidentally or intentionally closed the browser, thus leaving his session object in the hashtable
  Proposed Solution:
  a. change your pair value from user id-session id to user id-passwd;
  Explanation:
  a. i believe that you maintain a user bean (with session scope) all throughout the web application;
  b. i also believe that at the same time, you maintain other beans of the same scope, but that's out of question;
  c. putting a session id will give you difficulties in validating a common user that previously logged in because each time a user logs-on, you generate a unique session id;
  d. therefore, you cannot test equality of newly logged user and his new session id with that of his previous in the hashtable (if case pertains to abnormal browser termination);
  e. changing a pair to user id and passwd will enable you to really trap and test if the new user has unterminated or invalidated session in the hashtable;
  f. now, if previously logged user (with session still in the hastable) logs for the second time, you may invalidate his old session and give him a new session.

• How to track the same session using both jsp and servlets

  Hello, guys:
  "how to use jsp and servlet to track the same session",
  it seems to me my logoff.jsp never realize the session I established in my servlets.
  Here is how I set my session in my servlets:
  "     HttpSession session = req.getSession(true);
  session.setAttribute("userid",suserid);"
  Here is how I invalidate my session in my logoff.jsp
  " <%@ page language= "java" %>
  <%@ page import="javax.servlet.http.HttpSession" %>
  <%@ page session="false"%>
  Our Session id is : <%= session.getId() %>
  <% session.removeAttribute("userid");
  session.invalidate();
  %>
  Our Session id is : <%= session.getId() %>"
  but when I try to logoff using the logoff.jsp
  I always get following error message.
  "/home/jiao/jsp_webserver/tomcat/work/Standalone/localhost/syllabus/htmls/logoff_jsp.java:50: cannot resolve symbol
  symbol : variable session
  location: class org.apache.jsp.logoff_jsp
  out.print( session.getId() );"
  T.I.A.
  [Edited by: jiveadmin on Jun 18, 2003 10:32 AM]
  [Edited by: jiveadmin on Jun 18, 2003 10:33 AM]

  So,
  <%@ page session="false"%>
  That means the jsp never instantiates the build in session object.
  <%@ page session="true"%>
  means jsp will instantiates a session object if there are no existing ones
  how about I just delete the line,
  does that mean the jsp will find the existing session object for me?
  So I can do something like
  Our Session id is : <%= session.getId() %>
  <% session.removeAttribute("userid");
  session.invalidate();
  %>
  directly.
  T.I.A.

• How to know if a session finished in jsp

  Hello,
  How to know if a session finished in jsp?
  Help me please.
  Best Regards.
  Joseph

  Depends. You can create a javax.servlet.http.HttpSessionListener implementation and register it in the web.xml file (I forget the syntax, though), which can notify you of sessions being created and destroyed.
  Or you can create a javax.servlet.http.HttpSessionBindingListener implementation and add it to the session (setAttribute()) and it'll have it's valueUnbound method called when the session expires (or the attribute is removed, but if you don't remove it, the session invalidating will). That's a good place for session-specific clean-up.