Problem in session tracking?

Hi!
i am facing trouble while tracking a session inside my struts application,i am using following code snipit
public class MyRequestProcessor
extends RequestProcessor {
protected boolean processPreprocess (
HttpServletRequest request,
HttpServletResponse response) {
if(request.getServletPath().equals("/personalLoanIndex.do") ||
request.getServletPath().equals("/PersonalloanIndex.jsp") ){
UserProfile userProfile = new UserProfile();
userProfile.setUserName(request.getParameter("userName"));
userProfile.setUserPassword(request.getParameter("userPassword"));
if(userProfile.doesUserExists()){
HttpSession session = request.getSession();
System.out.println("session id is --------> "+session.getId());
session.setAttribute("userProfile",userProfile);
return true;
//If user is trying to access login page
// then don't check
if( request.getServletPath().equals("/loginAction.do")
|| request.getServletPath().equals("/login.jsp") )
return true;
//Check if userName attribute is there is session.
//If so, it means user has allready logged in
HttpSession session = request.getSession(false);
System.out.println("###############################################################");
System.out.println("---------> session id "+session.getId());
System.out.println("###############################################################");
if( session != null &&
session.getAttribute("userProfile") != null)
return true;
else{
try{
//If no redirect user to login Page
request.getRequestDispatcher
("/notLogedIn.jsp").forward(request,response);
}catch(Exception ex){
return false;
here i can not get the same session (session id is shown different) both in the first and second block . in first block i used HttpSession session = request.getSession(); coz i wanted to have current/new session each time this block is executed .in second block i used HttpSession session = request.getSession(false); coz i wanted to have same old session which i previously made in first block .i think there isn't anything wrong with it then where i is problem raised???i am stuck with this error .
NOTE : a strange behavior is that if a try to login my user from login page for the first time i get this problem,but if a try to login the user again from the same window/page i don't get this error and both the sessions from block1 and 2 are same :)
can you please help me in finding out what i am doing wrong here.
thanks in advance.

a little google would have saved you a lot of time. However here is an example
http://www.jsptut.com/Sessions.jsp

Similar Messages

  • Session Tracking problem

    I am doing session tracking in jsp. what my purpose is i want to stop the user, if the user is already logged in.
    For this, i am creating a Hashtable and entering the user id and session id as key- value pairs into the hashtable when the user is loggin in, if not in the hashtale. If these values are already in the hashtable, i am restricting the user.
    when the user selects the log out option, i am invalidating the session and deleting the values in the hash table. this is working fine.
    What my problem is suppose if the user closes the window, the session will be expired. but,i am not able to delete the values which are in the hashtable.
    and if the user is trying to log in, according to my logic it is allowing the user.
    Thanks
    Anupama

    i hope this would add-up to others' suggestion, albeit, i would recommend a bit change:
    Given:
    a. you're already implementing a session object that has pair value of user id and session id;
    b. you want to restrict a user who previously logged-in but, say he/she accidentally or intentionally closed the browser, thus leaving his session object in the hashtable
    Proposed Solution:
    a. change your pair value from user id-session id to user id-passwd;
    Explanation:
    a. i believe that you maintain a user bean (with session scope) all throughout the web application;
    b. i also believe that at the same time, you maintain other beans of the same scope, but that's out of question;
    c. putting a session id will give you difficulties in validating a common user that previously logged in because each time a user logs-on, you generate a unique session id;
    d. therefore, you cannot test equality of newly logged user and his new session id with that of his previous in the hashtable (if case pertains to abnormal browser termination);
    e. changing a pair to user id and passwd will enable you to really trap and test if the new user has unterminated or invalidated session in the hashtable;
    f. now, if previously logged user (with session still in the hastable) logs for the second time, you may invalidate his old session and give him a new session.

  • Session tracking and Internet Explorer

    Hi,
    I am currently maintaining a servlet application, on apache/jserv.
    This application implements a session tracking using a shared static hashtable of session data, associated with session id's.
    This application may open more than one client browser windows.
    With netscape, no problem.
    With Internet Explorer, since the version 6, when the client close at least one window, the session is closed.
    Thus, the application reject any new request from this client, sent by still open windows (session cannot be retrieved in the hashtable).
    Has somebody heard about this problem ?
    Thanks for any answer.

    Thanks.
    In fact, I believe that IE keeps the same session for
    child windows.
    The problem is: when you click on a link which open a
    new window, the new open window share the session with
    its parent window.
    When the new window is closed, the session is also
    closed.
    It appears that this mechanism only exists since the
    version 6 of IE.No. Earlier IE version handle session cookies the same way.

  • Can we use an overloaded constructor of a Java Bean with Session Tracking

    Hi Friends,
    If any one can solve my query.... It would be helpful.
    Query:
    I have a Java Bean with an overloaded constructor in it. I want to use the overloaded constructor in my JSP.
    1. One way of doing that is to use it directly in the "Scriptlets" (<% %>). But then I am not sure of the way to do session tracking. I think I can use the implicit objects like "session", "request" etc. but not sure of the approach or of the implementation method.
    2. Another way is through the directive <jsp: useBean>. But I cannot call an overloaded constructor with <jsp: useBean>. The only alternative way is to use the directive <jsp: useBean> where I have to write getter and setter methods in the Java Bean and use the <jsp: setProperty> and <jsp: getProperty> standard actions. Then with this approach I cannot use the overloaded constructor.
    Can any one suggest me the best approach to solve this problem ?
    Thanks and Regards,
    Gaive.

    My first reaction is that you can refactor your overloaded constructor into an init(arguments...) method. Instead of overloaded constructor, you can call that init method. This is the ideal solution if possible.
    As to the two choices you listed:
    1. This is OK, I believe. You can use scriplet to define the bean and put it into session scope of the pageContext. I am not sure exactly what you meant by session tracking; whatever you meant, it should be doable using HttpSessionAttributeListener and/or HttpSessionBindingListener.
    2. Agreed. There is no way that <jsp:useBean> can call a constructor that has non-empty arguments.
    Please tell me how it works for you.

  • How to use session tracking

    i am making shopping mall project .
    ist page conatins list of product avaiale
    2nd page contains list of manufacturuer avaible
    problem:-
    i want to display on 3rd page the product seleted by user in 1st page
    i used session tracking concept.but problem is the value is coming null in third page
    please tell me how to solve my problem

    If it is like a shopping cart, I suggest you to look for a good shopping cart examples available plenty online.
    But if its just about keeping session variables and using them the following works.
    Test with a simple example. Have three jsp files like a.jsp, b.jsp and c.jsp.
    put the following in a.jsp
    <% session.setAttribute("Mobile","Nokia");%>
    <%=session.getAttribute("Mobile")%>
    <a href="b.jsp">Go to B.jsp</a>Print the value of session variable - <%=session.getAttribute("Mobile")%> in b.jsp and c.jsp
    And in b.jsp have a link to c.jsp and so on. Once you set a session variable, it lives as long as your session doesnt expire.
    Try it. and also look for more session tracking examples online.
    Message was edited by:
    passion_for_java

  • Disable non-SSL session tracking?

    Hi, all,
    I wonder if one can disable all session tracking in JSP's whenever SSL is not being used? I would like to turn off all cookie-setting and URL-rewriting and use SSL-session tracking only (if I use session-tracking at all on a given page). I also want to specify this behavior programmatically (inside my JSP's) and not in my server's config files.
    I'm basically concerned that if my user leaves one of my HTTPS pages, they will still retain a non-secure cookie with their session information. This seems to be indeed the default behavior: when I run my tests and transition from an HTTPS page to an HTTP one, the browser does store a cookie. I know I can invalidate the session as the next step, but I'd rather have the cookie not being set altogether to begin with. Imagine the situation where the user leaves my HTTPS page for a totally different (HTTP) website: in this setting I won't get a chance to invalidate the session and delete the cookie.
    Any ideas, therefore, on how to programmatically disable non-SSL session-tracking?
    Thanks,
    Dmitri.

    I don't think you can do this programatically.
    However I also don't think it is a problem.
    Cookies are related to zone names aren't they?
    http://mysite and https://mysite are two different
    zones as far as cookies are concerned. One should
    not be able to see the other.
    It issues a new cookie for the http site you are just
    navigating to. That cookie has nothing to do with
    the secure site you just came from, and shouldn't be
    able to tell them any info about the secure site.
    I think you are worrying about something that isn't
    really there.
    What is your concern? That they pick up a JSESSIONID
    from the cookie and can then pretend to be a
    different user?Yes. A cookie is transmitted and stored unencrypted, I imagine (in any case, it should be more easily crackable than SSL). I wish Sun came up with an extension to the Session API where you would be able to explicitly specify which session-tracking protocols you want used and which ones you don't. At the moment their API abstracts and manages too much detail for you.
    I mean, if my site is supposed to be secure while I'm using SSL, then you'd expect that no information about those secure sessions should leak outside the SSL protocol, wouldn't you say?

  • What is session tracking in servlets?

    Hi ,
    I'm studying servlets I don't have the clear idea about session tracking and Why and where we need to use it. Can any one say about this.....
    Thanks in advance,
    Maheshwaran Devaraj

    Well Mheshpmr session tracking in servlets is very important...There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on-line shopping, it is a real annoyance that the Web server can't easily remember previous transactions. This makes applications like shopping carts very problematic: when you add an entry to your cart, how does the server know what's already in your cart? Even if servers did retain contextual information, you'd still have problems with e-commerce. When you move from the page where you specify what you want to buy (hosted on the regular Web server) to the page that takes your credit card number and shipping address (hosted on the secure server that uses SSL), now let me tell you, how does the server remember what you were buying?
    Well There are three typical solutions to this problem.
    1. Cookies. You can use HTTP cookies to store information about a shopping session, and each subsequent connection can look up the current session and then extract information about that session from some location on the server machine. This is an excellent alternative, and is the most widely used approach. However, even though servlets have a high-level and easy-to-use interface to cookies, there are still a number of relatively tedious details that need to be handled:
    * Extracting the cookie that stores the session identifier from the other cookies (there may be many, after all),
    * Setting an appropriate expiration time for the cookie (sessions interrupted by 24 hours probably should be reset), and
    * Associating information on the server with the session identifier (there may be far too much information to actually store it in the cookie, plus sensitive data like credit card numbers should never go in cookies).
    2. URL Rewriting. You can append some extra data on the end of each URL that identifies the session, and the server can associate that session identifier with data it has stored about that session. This is also an excellent solution, and even has the advantage that it works with browsers that don't support cookies or where the user has disabled cookies. However, it has most of the same problems as cookies, namely that the server-side program has a lot of straightforward but tedious processing to do. In addition, you have to be very careful that every URL returned to the user (even via indirect means like Location fields in server redirects) has the extra information appended. And, if the user leaves the session and comes back via a bookmark or link, the session information can be lost.
    3. Hidden form fields. HTML forms have an entry that looks like the following: <INPUT TYPE="HIDDEN" NAME="session" VALUE="...">. This means that, when the form is submitted, the specified name and value are included in the GET or POST data. This can be used to store information about the session. However, it has the major disadvantage that it only works if every page is dynamically generated, since the whole point is that each session has a unique identifier.
    Servlets provide an outstanding technical solution: the HttpSession API. This is a high-level interface built on top of cookies or URL-rewriting. In fact, on many servers, they use cookies if the browser supports them, but automatically revert to URL-rewriting when cookies are unsupported or explicitly disabled. But the servlet author doesn't need to bother with many of the details, doesn't have to explicitly manipulate cookies or information appended to the URL, and is automatically given a convenient place to store data that is associated with each session.

  • How to Set URL-Based Session Tracking to No

    Dear BSP Gurus
    I am fairly new to BSP applications, but I am getting an error which goes "BSP exception: Access to URL /sap(bD1lbiZjPTEwMCZkPW1pbg==)/bc/bsp/sap/crm_ui_frame/ is forbidden" and notice some say they solved it by Setting URL-Based Session Tracking to No, so my question is how do I do that.
    Unless off course there is another way to solve my problem. Would greatly appreciate it.
    Awaiting your favorable response

    Hey Raja and Rajani
    I actually activated all the applications below SAP->BC->->SAP-> **(Application)*->  but still I am getting that error.
    When I then test the individual applications I get errors like
    "BSP Exception: Das Objekt default.htm in der URL /sap/bc/bsp/sap/bp_cont_main/default.htm?sap-client=100&sap-sessioncmd=open ist nicht gültig"
    I really have run out if ideas, I need your assistance, initially I thought it cd be the logical link coz the work centres appear fine then I tried to assign even standard business roles, its giving the same error.
    What do I do now?

  • Problem with sessions in Kate Editor

    Hey guys!
    I'm using Kate Editor to code and i'm having problems with sessions. If kate is open and I logout KDE, when I come back to KDE all my customizations in Kate's session (activated plugins, font size, etc) are lost.
    If I manually close Kate before logout from KDE, all the customizations are kept when a manually start Kate. I tried a lot of workarounds, but none worked.
    Is this a bug? Someone else with this issue?
    Thanks in advance!

    The Warning errors are simply because you don't have the tablespaces, users, and roles defined in your application system under the DB Admin tab. Unless it is important to you to capture the physical implementation of your tables exactly as well as the table definitions, you can safely ignore these. If the physical implementation IS important to you, then you need to create these tablespaces, roles and users under the database that you created under the DB Admin tab before you start the capture.
    The Error is because in the set of objects you are capturing there is a foreign key that references the table named "PLEASANT". This table must be among the objects that you are capturing, or must already be in a Table Definition in your application system in the repository.

  • Problem with Sessions in JSP

    Hi,
    I am working on a JSP based website, where I am facing problem with sessions. The user is asked to login by providing her id and password. If found correct, a bean is created and populated with all her details and placed in session scope. I plan to use the information stored in the bean on other related pages until she logs out.
    <jsp:useBean id="validUser" scope="session" class="UserBean" >
    <c:set target="${validUser}" property="userId" value="${fn:trim(dbValues.UserId)}" />
    <c:set target="${validUser}" property="userName" value="${fn:trim(dbValues.UserName)}" />
    </jsp:useBean>
    <c:redirect url="userHome.jsp" /> The user is presented her homepage - 'userHome.jsp', where she can find various links, like 'Update Profile', 'Pay Registration Fees', 'Book Room' etc. The information stored in the bean is available on 'userHome.jsp'page.
    <A HREF='userHome.jsp'>Home</A>
    <A HREF='editPersonal.jsp'>Update Profile</A>
    <A HREF='registrationFee.jsp'>Pay Registration Fees</A>
    <A HREF='bookRoom.jsp'>Book Room</A>
    <A HREF='logout.jsp'>Logout</A> The problems are:
    1. Whenever user clicks on any of the above mentioned links and moves to any page, the bean comes out as null.
    <%-- Verify that the user is logged in --%>
    <c:if test="${validUser == null}">
    <jsp:forward page="loginForm.jsp">
    <jsp:param name="origURL" value="${pageContext.request.requestURL}" />
    <jsp:param name="errorMsg" value="You must be logged in to access this site." />
    </jsp:forward>
    </c:if> 2. The URL shows an additional jsessionid, which my client doesn't want to see.
    3. On every click on any link, the value of this jsessionid changes.
    What I presume, when I am clicking on different links, my session changes, and so I am seeing a different jsessionid. And since session is changing, therefore the bean is not available in a different session.
    All this works fine with localhost, problem comes into picture, when I upload my pages to the server.
    Puzzled, can anyone help, where am I going wrong? Let me add here, I am new to JSP and hence don't have much resources with me.

    There are several ways sessions can be exchanged between the browser and the server in a j2ee web application.
    1. The default is through cookies. However when the client does not accept cookies, the server appends the session id to the url.
    2. Some servers also facilitate session information exchange using session id in the url even if the client does accept cookies. This is usually ahieved through a setting in some server configuration file.
    You will have to find out why the server in your application is appending the session id to the url.
    Whatever be the case, the server should be able to look up the session from the incoming request (be it from the session id in the url or a session cookie).
    When session information is exchanged through the JSESSIONID in the url, you should ensure that each and every url that goes to the server has this input parameter. To do that all links and form post urls in your servlet/jsp should be treated with a call to encodeURL().
    For example, in a jsp
       <a href = "<%=response.encodeURL("/nextJsp.jsp")%>">Click here </a>
    or
       <form action = "<%=response.encodeURL("/nextJsp.jsp")%>">
       </form>etc.
    ram.

  • Problem with Sessions, Servlets, Netscape and Solaris

    We are experiencing a problem that is confounding and frustrating us (I have
              a felling that it is something exremely minor that we are overlooking).
              Here goes:
              Context:
              The problem only occurs when using a netscape browser against weblogic
              4.51running on our Solaris 7 box (Everything works fine through IE, and
              through both browsers against our development machines which are on NT)
              Problem:
              We have a bunch of JSP pages and servlets that are used togehter throughout
              our site. They both manage session information for the user. What is
              happening is that there is no problem maintaining session information among
              all the JSP pages, but when we hit a servlet that we use to stream graphs
              back to the browser, it gets the session but it has no contents all of a
              sudden. What seems to be even more strange is that the session is not
              tagged as new (by checking isNew()), it is just empty of the contents that
              were placed it by the JSP pages. Again, this is only occurring from
              Netscape browsers against our Solaris server.
              If anyone can provide any help it would be greatly appreciated. I can
              provide more details if need be.
              Jeremy
              

    There is a property in the weblogic.properties file that lets you set
              the cookie name. If this isn't set, the port will be appended as part of
              the name. I've had a similar problem switching between http and https
              and losing sessions.
              Carles
              Jeremy wrote:
              >
              > in the link tothe servlet the URL had a :80 in it. This was because the url
              > was generated by a JSP page so that when it was moved from server to server
              > and port to port the code wouldn't have to be changed. Unfortuneately,
              > Netscape sucks and takes this to mean that x.x.x.x and x.x.x.x:80 are
              > different and won't acknowledge the cookie from the JSP pages (x.x.x.x) to
              > the servlet (x.x.x.x:80). Thanks fpr your help.
              >
              > Jeremy <[email protected]> wrote in message
              > news:[email protected]...
              > > my mistake, it appears to always happen on port 80 regardless of the
              > server
              > > it is on.
              > >
              > > Jeff Martin <[email protected]> wrote in message
              > > news:[email protected]...
              > > > It really sounds like your servlet is making a new session, even though
              > > > isNew() doesn't say so. What you might try to do is use session.getId()
              > > > to print out the session ID from your jsp pages as well as your servlets
              > > > to determine if it really is a new session.
              > > >
              > > > Do your servlets and JSPs both use the same scheme (http or https) or
              > > > cookie.setSecure()? Do your cookies use domains or paths in either
              > > > servlets or jsps (cookies can be restricted to certain subdirectories
              > > > which might be different between jsps and servlets)? Are you testing
              > > > through a proxy or firewall, or does either browser have different proxy
              > > > settings than the others?
              > > >
              > > > Jeff
              > > >
              > > > Jeremy wrote:
              > > > >
              > > > > We are experiencing a problem that is confounding and frustrating us
              > (I
              > > have
              > > > > a felling that it is something exremely minor that we are
              > overlooking).
              > > > > Here goes:
              > > > >
              > > > > Context:
              > > > > The problem only occurs when using a netscape browser against weblogic
              > > > > 4.51running on our Solaris 7 box (Everything works fine through IE,
              > and
              > > > > through both browsers against our development machines which are on
              > NT)
              > > > >
              > > > > Problem:
              > > > > We have a bunch of JSP pages and servlets that are used togehter
              > > throughout
              > > > > our site. They both manage session information for the user. What is
              > > > > happening is that there is no problem maintaining session information
              > > among
              > > > > all the JSP pages, but when we hit a servlet that we use to stream
              > > graphs
              > > > > back to the browser, it gets the session but it has no contents all of
              > a
              > > > > sudden. What seems to be even more strange is that the session is not
              > > > > tagged as new (by checking isNew()), it is just empty of the contents
              > > that
              > > > > were placed it by the JSP pages. Again, this is only occurring from
              > > > > Netscape browsers against our Solaris server.
              > > > >
              > > > > If anyone can provide any help it would be greatly appreciated. I can
              > > > > provide more details if need be.
              > > > >
              > > > > Jeremy
              > >
              > >
              

  • Problem removing session attributes

    I have a problem removing session attributes
    I try w/ mysession.removeAttribute("key");
    but it still lives in memory. I've tried setAttribute("key", null) as the API states that will do the same thing, but it doesn't work.
    I can get mysession.invalidate() to work, but I want to keep some of the attributes there, while removing another.
    I get no exceptions and no errors.
    Help.
    Running Tomcat 4
    jre 1.3.1

    Actually,
    response.addHeader("Expires", "-1");should be enough.
    The browser should then contact the Web server for updates to that page via a conditional If-Modified-Since request. You don't want a cache disabling 'overkill', since you'd still want the page to remain in the disk cache and used in appropriate situations without contacting the remote Web server, such as when the BACK and FORWARD buttons are pressed...
    Anyway, try this first, and if it doesn't solve your problem, add the other cache-disabling headers, as outlined in the previous post.
    If you're using JSP, verify also that your page has
    <%@ page session="true"%>

  • URL Session Tracking

    Hi,
    i want to make a group of JSP pages in a Web App, but assuming that the browser doesn't accept cookies.
    Is there anyway that i don't have to indicate every link as
    response.encodeUrl("index.jsp")I've heard something about a <url-session-tracking/> tag, but i've tried to put in the web.xml file, but it doesn't work.
    I just want to put Index and the App Server takes care of putting the jsessionid info in front of the url
    Thank you

    Cancelling this question.

  • Screen Resolution Problem in Session Method

    Hi
    I want to use session method in BDC. How to resolve screen resolution problem in Session Method?
    Please give me the code or steps regarding this.
    Thanks & Regards
    venkateswararao

    Hi
    U can only run the session with the option Dynpro Standard Size setted.
    In this way the system should be use the same resolution for every situation.
    Max

  • How to do session tracking in JSP

    I want to do session tracking in my JSP pages.Say once after the user logs in,on every page I can get his username for further use.Thank you for your help!
    Richard

    <%
    session.setAttribute("svUserName", request.getParameter("name_of_username_form_field"));
    // from the login page
    %>
    then to retrieve,
    <% String UserName;
    UserName = (String)session.getAttribute("svUserName").toString(); %>
    to display,
    <%= UserName %>

Maybe you are looking for

  • Why won't illustrator Cs5 allow me to copy and paste layers when they aren't locked?

    I am working on a project and when I try to copy and paste unlocked layers to paste them in to another image it doesn't paste. The only thing it pastes is the text unformatted. I tried resetting the settings by removing the setting file to see if I c

  • Xml digital signature api

    hello Has anyone tried to use the xml digital signature api on an application deployed on appserver 8.2 bundled with stucio? I am trying to,,but it seems i cannot work it out,.Here is what i do,,i ve built a sample application where when i clik a but

  • Can i get a phone number  for someone to help me right now

    my phone turned himself off and come up a message its been lost. please help

  • Perfromance tuning question

    Hi, Im using oracle 10g,and solaris From the AWR report , in the Top 5 wait events it is mentioned Event Time(s) % Total Call Time CPU time 4,477 86.8 Can anyone explain how to reduce it..Please help Thanks

  • Trying to purchase £27.34 per month package

    Asked: Want to take advantage of our promo for this product? Please contactCustomer Support to see if you qualify. Keep ending up back at Packages page. How do I break this loop?