Implementing session handling in servlet controller

Similar Messages

• Session handling

  Hi,
  I have some doubt about session handling in servlet
  1. Who creates session ?
  When first request come to the servlet , is it a browser which sends session id (jsesessionid) to the servlet or
  WebContainer/Server creates it ? If it is created by browser , plz provide me code for that.
  2. If i open up two firefox instance , I am getting same jsessionid at server side ? how it is possible ?
  Thanks

  1. Who creates session ?The container.
  When first request come to the servlet , is it a browser which sends session id (jsesessionid) to the servletNo
  or WebContainer/Server creates it?Yes.
  If it is created by browser, plz provide me code for that.That request doesn't make any sense. The code concerned would have been in the browser if it worked that way. But it doesn't.
  2. If i open up two firefox instance , I am getting same jsessionid at server side ? how it is possible ?Because the server is associating your IP address with a single session.

• Implementation of session handling for using web services

  Hi,
  I would like to use session handling in web services using ABAP stack in order to start the session with an user login function followed by other RFC calls till a user logout. So far, I found only the following help note in the SAP online help:
  Interface Profile
  In the interface profile, choose the required processing type: Stateful or Stateless.
  A stateful service retains its status within the framework of a HTTP session throughout several calls form the same service consumer. The standard value for services is Stateless.If you require stateful communication, you can choose this instead.
  [http://help.sap.com/saphelp_nwpi71/helpdata/de/45/25291b5a2657c0e10000000a1553f7/content.htm |http://help.sap.com/saphelp_nwpi71/helpdata/en/45/25291b5a2657c0e10000000a1553f7/content.htm]
  Please, could someone explain me the further required steps of SAPs session handling idea cause just settting the status to stateful is still not the solution itself...
  Regards,
  Jens

  Now, I found the possible scenarios, suggest by SAP Help, regarding security for Web Services ([http://help.sap.com/saphelp_nw73/helpdata/en/48/8ebbba66be06b2e10000000a42189b/content.htm|http://help.sap.com/saphelp_nw73/helpdata/en/48/8ebbba66be06b2e10000000a42189b/content.htm]):
  - SAML & WS SecureConversation -> SSO
  - WS Security UsernameToken & WS SecureConversation
  - User ID and Password in HTTP Header & HTTPS
  - SAP Authentication Assertion Ticket & HTTPS -> SSO
  - X.509 SSL Client Certificate through HTTPS
  - WS Security: X.509 Certificate Authentication at Message Level
  Are scenarios with SSO the solution for creating sessions!?

• How to print out the exception caught in the servlet controller to JSP?

  May I know how to print the Exception caught and the stacktrace thing? What i try to do this in the databaseErrata.jsp code was not given me any answer. Instead, causing a number of errors.
  Below are my servlet controller code and databaseErrata.jsp code.
  ----$CATALINA_HOME/webapps/mvct/WEB-INF/classes/Action.java----
  import java.io.*;
  import java.sql.*;
  import java.text.*;
  import javax.naming.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import foo.*;
  public class Action extends HttpServlet
    public void doGet(HttpServletRequest request,
  HttpServletResponse response)
      throws ServletException, IOException
      response.setContentType("text/html");
      PrintWriter out = response.getWriter();
      // find real web resource
      String forward = request.getServletPath();
  //'forward' is a string variable consist of url
      if(forward.endsWith(".do"))
        forward = forward.substring(1, forward.length()
  -3) + ".jsp";
      else
        throw new ServletException(
        "Action servlet called with illegal path: " +
  forward); //display the defined error msg and error
  url within the 'forward'
  out.println("forward after forward.substring() = " +
  forward + "</br>");
      // build and validate view page attributes
      HttpSession session = request.getSession();
      try
        byEmployeeId convert =
  (byEmployeeId)session.getAttribute("convert");
        if(convert == null)
          session.setAttribute("convert", convert = new
  byEmployeeId());
        convert.start("11145");
      catch(NamingException ex)
        request.setAttribute("exception", ex);
        forward = "databaseError.jsp";
      catch(SQLException ex)
        request.setAttribute("exception", ex);
        forward = "databaseErrata.jsp";
      catch(IllegalArgumentException ex)
        request.setAttribute("message", "<FONT COLOR='red'>"+ex.getMessage()+"</font>");
      // forward request
      RequestDispatcher rd =
  request.getRequestDispatcher(forward);
      rd.forward(request,response);
  public void doPost(HttpServletRequest request,
  HttpServletResponse response)
      throws ServletException, IOException
        doGet(request, response);
  }----$CATALINA_HOME/webapps/mvct/databaseErrata.jsp----
  <% String message = (String)request.getAttribute("message"); %>
  <HTML>
  <HEAD>
  <TITLE>databaseErrata.jsp Page</TITLE>
  </HEAD>
  <BODY>
  <% if (message != null) { %>
  Message = <%= message %>
  <H1>databaseErrata.jsp Page</H1>
  </BODY>
  </HTML>

  You're missing a closing curly bracket in the JSP page.
  Also, this will only print the exception message. I would recommend passing on the whole Exception object.
  ie request.setAttribute("theException", ex);
  That way you have the exception object to print the stacktrace from.
  However, you are doing this manually. The container can handle this stuff for you if you so wish.
  Check the documentation on error pages. You are able to set up an error page in the web.xml, that all exceptions/errors get directed to.
  something like:
  <error-page>
  <exception-type>java.lang.Exception</exception-type>
  <location>/errorPages/debugError.jsp</location>
  </error-page>
  You then write the JSP page something like this
  <%@ page language="java" %>
  <%@ page isErrorPage="true" %>
  <%@ page import="java.util.*, java.io.*" %>
  <h1>Programming error <BR> FOR DEBUGGING PURPOSES ONLY</h1>
  <p>This page is only for debugging purposes.  Should not be deployed to live environment.</p>
  <p>Details of the error are as follows:</p>
  <table border = 1 width=200>
  <tr><td valign=top><strong>Error :</strong></td><td><%=exception.getMessage()%></td></tr>
  <tr><td valign=top width='80%'><strong>Trace :</strong></td><td><pre><% exception.printStackTrace(new PrintWriter(out));%></pre></td></tr>
  </table>
  <br>Cheers,
  evnafets

• Problem on "Session Handling"

  Hi everyone,I write a simple servlet program on Session handling.In this I use invalidate() method to invalidate the session.
  invalidate() But the problem is that when i push the back button the session data gets back,means in the previous page session data gets visible.please help me.

  All what you can do is to instruct the client not to cache the page. You can do this by adding the following entries to the HTML head:
  <meta http-equiv="cache-control" content="max-age=0, must-revalidate, no-cache, no-store, private">
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="expires" content="-1">If you want to do this programmatically on HttpServletResponse (using a Filter or so):
  response.setHeader("cache-control", "max-age=0, must-revalidate, no-cache, no-store, private"); // HTTP 1.1
  response.setHeader("pragma", "no-cache"); // HTTP 1.0
  response.setDateHeader("expires", -1); // ProxyMake sure that you clears your browser cache before testing.

• ERP2004: ESS JCO session handling in Web Dynpro apps?

  Hello,
  we run ESS/MSS Web Dynpro scenarios, running on WAS 6.40, SP12 in
  Enterprise Portal EP6 SP2 Patch 32. Our go live will be with > 1000 ESS users.
  1. When will the sessions in R/3 backend system be terminated by the
  Web Dynpro Application?
  How is the session handling in FPM (Floor Plan Manager) implemented?
  2. Are there any recommendations regarding the JCO connection settings
  in Web Dynpro Content Administrator (Maximum Pool Size, Maximum Connections,
  Connection Timeout, Maximum Wait Time) to reduce / optimize the load for the
  backend system? I found a documentation in SDN but it is not
  specific for ESS / MSS based on Web Dynpro.
  Background of questions above: The customer is worry about the load on
  SAP R/3 backend side: too much current users in the R/3 backend system,
  possibly bad performance etc. because the JCO sessions are open a long time.
  Are there any experiences with customers running productive ESS / MSS scenarios
  based on Web Dynpro?
  Thanks & Best regards,
  Daniel

  Hi,
  1. For best practices on JCO settings follow the tutorial below and do it accordingly for your no of users. YOu might have to do some trial and error procedure.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/3103eb90-0201-0010-71af-be6f4a6f61d1
  2. For standards, security settings, cache management etc, SAP will give a TODO list after a remote audit of your project.
  regds,
  Sukanta Rudra

• Session handling in Flex

  I am using remote object for the flex and service communication. After multiple time log in and log out , which is done by remote object call also, I am getting different session id for browser and from the client side. Is there any way to restrict this session id conflict

  I think you are getting confused by comparing flex
  development with jsp serverside development, its completely
  different thing,
  1. How to pass hidden variables using flex.(In jsp we pass it
  throuth hidden field, is there any mechanism similar to that one)
  -- honestly, where do you really want to pass hidden field to
  ? (hidden fields is a hack implemented to overcome the way http
  protocol works , in flex you don't need that hack) .
  2) you can implement exception routine same way (even easier
  in flex) if error occures show this and this page(for example error
  canvas. with error mesage thats it,
  3) How to do session handling in Flex.
  -- question is too vague, do you ave concrete problem that
  you think of?

• Maintain session when calling servlet from form in a JSP

  I have the following set up:
  index.jsp calls login servlet from the action tag in a form.
  Login servlet handles the login, stores the user info and db connection in the session and uses forward(req,res) to call another jsp.
  That jsp has a form where user enters search info and in that form's action tag there is a search servlet. In the search servlet I am unable to access the session.
  Is there any way to pass the session to the servlet from that jsp using a form/action?

  I've read elsewhere that if you go from a jsp to a servlet that the >request object is cleared of any attributes from the previous request.which is correct. But arent we speaking about session object here? A request object is valid for a request - ie the phase from where the server receieves a hit for a resource upto the point it sends the output for that request.
  A session spans multiple requests.
  it doesn't retrieve the session info and gives me a null pointer >exception when I try to use the connection object stored in the session.Bad bad bad . Why do you store Connection objects in session? Create them when necessary or use a connection pool. Do you for example clean up the connections when the session expires. What if its a 30 minute session and the user hits every say 15 minutes with a request. Why do you need to hold on to the Connection in the intervening interval when the user's session is inactive?
  gives me a null pointer exception when I try to use the connection object stored in the session.which means that the Connection object is null - not the session object.
  That last line is where I get the null pointer exception. And that is
  Statement stmt = con.createStatement();?
  Same answer as above.
  If the session object was null,
  userSession.getAttribute("connection");would have thrown a NPE.
  ram.

• Advice for Session Handling

  I'm in the process of constructing a second application, and have once again faced the same problem I've faced in the past.
  Session Handling. One thing That I'm very concerned about is people using the Browser Back Button. Unfortunately when people use the back button the page they see is not coming from the server, but from their browser's cache. This means that the session info that they see is not up to date. In both my applications this would lead to some seriou problems.
  Any suggestions as to how I can either remove the Browser's Back button, or have the servlet refresh when the back button is pushed. Any other suggestions wouls also be greatly appreciated.
  Thanks,
  -Amos

  Hi
  It would be very helpful if you can present a scenario in your application where the back button usage would cause seroius problems.
  Technically speaking you cannot remove the back button. But what you can do is through Java Script open browser windows where the back and front button's tool bar is not visible, but note that the user's can still use the keyboard to move back and forth.
  As far as session handling is concerned you would have to take all the worst case scenarios while designing your web application like the browser crashing, user's closing their browser windows without explicit logout, a database transaction not going through etc.
  Present a scenario of your application so that the session handling mechanism may be discussed.
  Good Luck!
  Eshwar Rao
  Developer Technical Support
  Sun microsystems inc
  http://www.sun.com/developers/support

• What is session tracking in servlets?

  Hi ,
  I'm studying servlets I don't have the clear idea about session tracking and Why and where we need to use it. Can any one say about this.....
  Thanks in advance,
  Maheshwaran Devaraj

  Well Mheshpmr session tracking in servlets is very important...There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on-line shopping, it is a real annoyance that the Web server can't easily remember previous transactions. This makes applications like shopping carts very problematic: when you add an entry to your cart, how does the server know what's already in your cart? Even if servers did retain contextual information, you'd still have problems with e-commerce. When you move from the page where you specify what you want to buy (hosted on the regular Web server) to the page that takes your credit card number and shipping address (hosted on the secure server that uses SSL), now let me tell you, how does the server remember what you were buying?
  Well There are three typical solutions to this problem.
  1. Cookies. You can use HTTP cookies to store information about a shopping session, and each subsequent connection can look up the current session and then extract information about that session from some location on the server machine. This is an excellent alternative, and is the most widely used approach. However, even though servlets have a high-level and easy-to-use interface to cookies, there are still a number of relatively tedious details that need to be handled:
  * Extracting the cookie that stores the session identifier from the other cookies (there may be many, after all),
  * Setting an appropriate expiration time for the cookie (sessions interrupted by 24 hours probably should be reset), and
  * Associating information on the server with the session identifier (there may be far too much information to actually store it in the cookie, plus sensitive data like credit card numbers should never go in cookies).
  2. URL Rewriting. You can append some extra data on the end of each URL that identifies the session, and the server can associate that session identifier with data it has stored about that session. This is also an excellent solution, and even has the advantage that it works with browsers that don't support cookies or where the user has disabled cookies. However, it has most of the same problems as cookies, namely that the server-side program has a lot of straightforward but tedious processing to do. In addition, you have to be very careful that every URL returned to the user (even via indirect means like Location fields in server redirects) has the extra information appended. And, if the user leaves the session and comes back via a bookmark or link, the session information can be lost.
  3. Hidden form fields. HTML forms have an entry that looks like the following: <INPUT TYPE="HIDDEN" NAME="session" VALUE="...">. This means that, when the form is submitted, the specified name and value are included in the GET or POST data. This can be used to store information about the session. However, it has the major disadvantage that it only works if every page is dynamically generated, since the whole point is that each session has a unique identifier.
  Servlets provide an outstanding technical solution: the HttpSession API. This is a high-level interface built on top of cookies or URL-rewriting. In fact, on many servers, they use cookies if the browser supports them, but automatically revert to URL-rewriting when cookies are unsupported or explicitly disabled. But the servlet author doesn't need to bother with many of the details, doesn't have to explicitly manipulate cookies or information appended to the URL, and is automatically given a convenient place to store data that is associated with each session.

• Session handle with PXI2503

  Hello
  I have created DLLs with Labwindows 7.0 on windows 2000 operating system. Those DLLs are used by another application developped with Powerbuilder software. I use this application to program PXI materials: MXI3 kit, PXI-1042 chassis, PXI2503, PXI6527 and PXI-GPIB. With my user profile, I can program those materials through the application I have implemented. The other users can't program PXI materials with my application. This application uses niSwitch_init function. When the application encounters this function, it can't establish a session handle. The session value is zero and the returned status code is BFFFA002B. Programming directly the PXI2503 card with NI examples woks with everybody.
  I would like to know if there is a link between user profile and programming PXI materials.
  Is there any solution to my problem?

  Hi,
  I answered a similar question on another thread in french.
  Actually, it is not usefull to duplicate questions (french & english) on the forum.
  Thanks in advance for that,
  Regards,
  David D.

• Implementing SingleThreadModel on a Servlet

  Can someone explain to me what are the implications of implementing SingleThreadModel on a Servlet?
  I have this servlets that serves images "on-the-fly" to the browsers, my first version was not implementing SingleThreadModel and was accessed mainly by XMLHttpRequest, assynchronously, but then i only had to get a image at a time to a given page.
  Now i have several images on a page, so it was starting giving problems, so i remove the assynchronous access and implemented SingleThreadModel, it seems ok but i wonder what the implications are.
  Should i create two servlets for one/many images? Should i not implement SingleThreadModel and take care of the threads myself? Or is ok using SingleThreadModel ?
  Thanks all

  The implications are that you make that servlet a bottleneck, because requests to it cannot run in parallel. The fix for this is not to handle threads for yourself. That is what the servlet container is for. The fix is to modify your servlet so that it is thread-safe. The first major step here is to stop using static and instance variables to store data, although I can't imagine why a servlet that serves out an image file would need to use variables in that way. There may be more complexities but if you understand threading properly you should be able to track them down.

• Best Practice for Implementing Exception Handling in BPEL

  Hi All,
  what is the best practice and the approach to follow Exception Handling in BPEL.
  1) Do we need to implement Exception Handling in BPEL as we do in Java, means
       method 3 throws error to method 2 (if any) and
       method 2 throws error to method 1 (if any) and
       finally method 1 throws error to the main Class.
  If we replicate the above scenario to BPEL
  In BPEL main Scope have Custom Fault, Catch ALL
       Each Invoke is surrounded by a Scope Activity with Remote Fault, Binding Fault & Custom Fault
  and follow the paradigm of Java, assuming we have Inner Scopes
       [ OR ]
  2) In BPEL main Scope have all exceptions defined like
       Remote Fault,
       Binding Fault,
       anyOther System Fault (selectionFailure / forcedTermination),
       Custom Fault (if required) and
       CatchALL
       and also
       each Invoke is surrounded by a Scopes Acitivity with Custom Fault (business fault) exception Handling
  I feel 1st one may not be a good practice, may be i am wrong...
  Any Suggestions from experts.
  Thanks in Advance
  anvv sharma

  Hi-
  In you can create different scope and use catch branch to catch binding, remote, custom faults, business faults etc. If an error happens in a scope it will not move to the next scope( eg: you have 3 scope, error occured in 2nd scope then it will not propogate to the 3rd scope. One thing to be noticed here is your transaction in the 1st scope doesnt gets commited when an error happens in 2d scope).
  You can have a catch all to catch error which are not being caught at catch level. So if any error happens which is not defined in catch block then then it will be caught in catch all branch.
  Edited by: 333333 on Apr 12, 2011 9:39 AM

• How to implement session varibles and how to use it

  how to implement session varibles and how to use it.ple help me

  Please see the below blog, Hope it helps!!!
  http://obieetraining11.blogspot.com/2012/06/create-initialization-block-for-session.html

• Again Session-Handling

  Hi there, one question about session-handling in JSP.
  I'm trying to set attributes in the JSP and afterwards get them back.
  No chance! They always vanish! Here is the code:
  <%@page contentType="text/html"%>
  <%@page import="java.util.*"%>
  <html>
  <head><title>JSP Page</title></head>
  <body>
  <%
  // Output of Session-Attributes
  for (Enumeration enum=session.getAttributeNames();enum.hasMoreElements();)
  String name2 = (String)enum.nextElement();
  String value2 = (String)session.getAttribute(name2);
  out.println(name2+":"+value2);
  // Set Attributes that I get from Form!
  String name = request.getParameter("name");
  String value = request.getParameter("value");
  if (name!=null)
  session.setAttribute(name,value);
  %>
  <form action="SessionTest.jsp" method=get>
  <input type=text name=name>
  <input type=text name=value>
  <input type=submit>
  </form>
  </body>
  </html>
  Really dont have a clue!
  Thx, ToM

  Works ok for me:
  Couple of suggestions: put the setting code, before the display code.
  That way you will see the pair that you just set in session ;-)
  Also try this:
  Session id = <%= session.getId() %> and see if it stays the same.
  If you are getting a different session every time, then its not maintaining the session.
  Common cause of session problem is: cookies are turned off.
  Either turn cookies on, or use URL rewriting:
  <form action="<%= response.encodeURL("SessionTest.jsp") %>">
  <%@page contentType="text/html"%>
  <%@page import="java.util.*"%>
  <html>
  <head><title>JSP Page</title></head>
  <body>
  <%
  // Set Attributes that I get from Form!
  String name = request.getParameter("name");
  String value = request.getParameter("value");
  if (name!=null)
  session.setAttribute(name,value);
  // Output of Session-Attributes
  for (Enumeration enum=session.getAttributeNames();enum.hasMoreElements();)
  String name2 = (String)enum.nextElement();
  String value2 = (String)session.getAttribute(name2);
  out.println(name2+":"+value2 + "<br>");
  %>
  <form action="SessionTest.jsp" method=get>
  <input type=text name=name>
  <input type=text name=value>
  <input type=submit>
  </form>
  </body>
  </html>Cheers,
  evnafets