Problem with Sessions in Servlets
Hi,
I'm having a problem with sesions with servlets. It seems that if someone logs into my website, which is running on all servlets, while another person is logged on, the second person gets the session of the first person.
I'm using
HttpSession session = request.getSession(true);to get the session in each page. The session contains a user object which shows if the user is logged in and what permissions.
The session should be unique to the client computer right? Or am I jsut screwing this up big time?
Yes, each client will have their own session. However, you may be testing incorrectly:
In Firefox, for example, all instances of the application running on the same machine will share the same cookies, therefore the same session, and would be considered one client.
MS IE will do the same if you use File - New to open a new wondow rather than clicking on the desktop icon.
If the different clients are using different machines and still getting shared data, then you may be using class-level variables in the servlet, which would not be thread safe and could lead to your problems...
public class MyServlet extends HttpServlet {
String data; //bad
int moredata; //bad
public void doGet(...) ... { ... }
}
Similar Messages
-
Hi,
I am working on a JSP based website, where I am facing problem with sessions. The user is asked to login by providing her id and password. If found correct, a bean is created and populated with all her details and placed in session scope. I plan to use the information stored in the bean on other related pages until she logs out.
<jsp:useBean id="validUser" scope="session" class="UserBean" >
<c:set target="${validUser}" property="userId" value="${fn:trim(dbValues.UserId)}" />
<c:set target="${validUser}" property="userName" value="${fn:trim(dbValues.UserName)}" />
</jsp:useBean>
<c:redirect url="userHome.jsp" /> The user is presented her homepage - 'userHome.jsp', where she can find various links, like 'Update Profile', 'Pay Registration Fees', 'Book Room' etc. The information stored in the bean is available on 'userHome.jsp'page.
<A HREF='userHome.jsp'>Home</A>
<A HREF='editPersonal.jsp'>Update Profile</A>
<A HREF='registrationFee.jsp'>Pay Registration Fees</A>
<A HREF='bookRoom.jsp'>Book Room</A>
<A HREF='logout.jsp'>Logout</A> The problems are:
1. Whenever user clicks on any of the above mentioned links and moves to any page, the bean comes out as null.
<%-- Verify that the user is logged in --%>
<c:if test="${validUser == null}">
<jsp:forward page="loginForm.jsp">
<jsp:param name="origURL" value="${pageContext.request.requestURL}" />
<jsp:param name="errorMsg" value="You must be logged in to access this site." />
</jsp:forward>
</c:if> 2. The URL shows an additional jsessionid, which my client doesn't want to see.
3. On every click on any link, the value of this jsessionid changes.
What I presume, when I am clicking on different links, my session changes, and so I am seeing a different jsessionid. And since session is changing, therefore the bean is not available in a different session.
All this works fine with localhost, problem comes into picture, when I upload my pages to the server.
Puzzled, can anyone help, where am I going wrong? Let me add here, I am new to JSP and hence don't have much resources with me.There are several ways sessions can be exchanged between the browser and the server in a j2ee web application.
1. The default is through cookies. However when the client does not accept cookies, the server appends the session id to the url.
2. Some servers also facilitate session information exchange using session id in the url even if the client does accept cookies. This is usually ahieved through a setting in some server configuration file.
You will have to find out why the server in your application is appending the session id to the url.
Whatever be the case, the server should be able to look up the session from the incoming request (be it from the session id in the url or a session cookie).
When session information is exchanged through the JSESSIONID in the url, you should ensure that each and every url that goes to the server has this input parameter. To do that all links and form post urls in your servlet/jsp should be treated with a call to encodeURL().
For example, in a jsp
<a href = "<%=response.encodeURL("/nextJsp.jsp")%>">Click here </a>
or
<form action = "<%=response.encodeURL("/nextJsp.jsp")%>">
</form>etc.
ram. -
Problem with sessions in Kate Editor
Hey guys!
I'm using Kate Editor to code and i'm having problems with sessions. If kate is open and I logout KDE, when I come back to KDE all my customizations in Kate's session (activated plugins, font size, etc) are lost.
If I manually close Kate before logout from KDE, all the customizations are kept when a manually start Kate. I tried a lot of workarounds, but none worked.
Is this a bug? Someone else with this issue?
Thanks in advance!The Warning errors are simply because you don't have the tablespaces, users, and roles defined in your application system under the DB Admin tab. Unless it is important to you to capture the physical implementation of your tables exactly as well as the table definitions, you can safely ignore these. If the physical implementation IS important to you, then you need to create these tablespaces, roles and users under the database that you created under the DB Admin tab before you start the capture.
The Error is because in the set of objects you are capturing there is a foreign key that references the table named "PLEASANT". This table must be among the objects that you are capturing, or must already be in a Table Definition in your application system in the repository. -
Hi, i have problem with session manager's session files. The problem is: the submitted storage data from firefox which is put between "storage":{ and its matching closing brace } But in some of my session files there is non equal { and } under storage's braces. I need to get storage data but in my case it is very hard to do. My question is there any char put before or after { and } like /{ or \{ to avoid confusion? If there is not such thing, i think there could be different solution but i am not sure: i look couple of my session files; after "storage":{...} there is ,_"formDataSaved" so i can get storage data in this example ... by looking between "storage":{ and ,"_formDataSaved" easily. Is there every time ,"_formDataSaved" after "storage":{ ? Thank you.
Well, it seems waiting is not my strong suit..! I renamed a javascript file called recovery to sessionstore. This file was in the folder sessionstore-backups I had copied from mozilla 3 days ago, when my tabs were still in place. I replaced the sessionstore in mozilla's default folder with the renamed file and then started mozilla. And the tabs reappeared as they were 3 days ago!
So there goes the tab problem. But again when I started mozilla the window saying "a script has stopped responding" appeared, this time the script being: chrome//browser/contenttabbrowser.xml2542
If someone knows how to fix this and make firefox launch normally, please reply! Thank you -
Servlets - problem with session
Hi there ppl,
I have a login servlet which is called form a link in a static html page. The doGet() method is as below:
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, java.io.IOException
HttpSession session = public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, java.io.IOException
HttpSession session = request.getSession(false);
RequestDispatcher rd = request.getRequestDispatcher("/login.jsp");
response.setContentType("text/html");
//PrintWriter out = response.getWriter();
if(session != null){
//display members page(with users name as a welcome)
System.out.println("in login servletb");
else{
System.out.println("in login servlet");
request.setAttribute("membersName", "adom");
rd.forward(request, response);
//out.close();
RequestDispatcher rd = request.getRequestDispatcher("/login.jsp");
if(session != null){
//display members page(with users name as a welcome)
System.out.println("session exists");
else{
System.out.println("session not exisit");
request.setAttribute("membersName", "adom");
rd.forward(request, response);
Problem is when i click on the link in the html page it goes into tthe else statement and displays the login.jsp page fine. But when i click bak on the browser and then click the link agian it goes into the if statemtn..as if a session exists. But why does a session exisit???...if i use request.getSession(false) this shouldnt create a session if one doent already exists so where is this mysterious session being created??
any ideas would be greatly appreaciated
Mycallyer i do need the session because in my doPost() method of the servlet i create a session once the user logs on with there login/pass. The doGet() method is only to direct the person to the login page. But i want to check for the session in the doGet() incase they have already login in...if so direct them to the main page rather than to the login page agian.
I stuffed up the code in my previous post...everything compiles and works fine apart from the fact that a session is created when it shouldnt be. I did a test println with session.getCreationTime() and it was created the same time the servlet was initial called. However im not sure if it was created by my servlet or if the broswer somehow had something to do with it....hmm is a worry.
Heres the code again...hopefully a bit neater for u :D
public void doGet(HttpServletRequest request, HttpServletResponse reponse)throws ServletException, java.io.IOException{
HttpSession session = request.getSession(false);
RequestDispatcher rd = request.getRequestDispatcher("/login.jsp");
if(session != null){
//display members page(with users name as a welcome)
System.out.println("session exists");
else{
System.out.println("no session");
request.setAttribute("membersName", "adom");
rd.forward(request, response);
thanks agian :) -
Problem with Sessions, Servlets, Netscape and Solaris
We are experiencing a problem that is confounding and frustrating us (I have
a felling that it is something exremely minor that we are overlooking).
Here goes:
Context:
The problem only occurs when using a netscape browser against weblogic
4.51running on our Solaris 7 box (Everything works fine through IE, and
through both browsers against our development machines which are on NT)
Problem:
We have a bunch of JSP pages and servlets that are used togehter throughout
our site. They both manage session information for the user. What is
happening is that there is no problem maintaining session information among
all the JSP pages, but when we hit a servlet that we use to stream graphs
back to the browser, it gets the session but it has no contents all of a
sudden. What seems to be even more strange is that the session is not
tagged as new (by checking isNew()), it is just empty of the contents that
were placed it by the JSP pages. Again, this is only occurring from
Netscape browsers against our Solaris server.
If anyone can provide any help it would be greatly appreciated. I can
provide more details if need be.
Jeremy
There is a property in the weblogic.properties file that lets you set
the cookie name. If this isn't set, the port will be appended as part of
the name. I've had a similar problem switching between http and https
and losing sessions.
Carles
Jeremy wrote:
>
> in the link tothe servlet the URL had a :80 in it. This was because the url
> was generated by a JSP page so that when it was moved from server to server
> and port to port the code wouldn't have to be changed. Unfortuneately,
> Netscape sucks and takes this to mean that x.x.x.x and x.x.x.x:80 are
> different and won't acknowledge the cookie from the JSP pages (x.x.x.x) to
> the servlet (x.x.x.x:80). Thanks fpr your help.
>
> Jeremy <[email protected]> wrote in message
> news:[email protected]...
> > my mistake, it appears to always happen on port 80 regardless of the
> server
> > it is on.
> >
> > Jeff Martin <[email protected]> wrote in message
> > news:[email protected]...
> > > It really sounds like your servlet is making a new session, even though
> > > isNew() doesn't say so. What you might try to do is use session.getId()
> > > to print out the session ID from your jsp pages as well as your servlets
> > > to determine if it really is a new session.
> > >
> > > Do your servlets and JSPs both use the same scheme (http or https) or
> > > cookie.setSecure()? Do your cookies use domains or paths in either
> > > servlets or jsps (cookies can be restricted to certain subdirectories
> > > which might be different between jsps and servlets)? Are you testing
> > > through a proxy or firewall, or does either browser have different proxy
> > > settings than the others?
> > >
> > > Jeff
> > >
> > > Jeremy wrote:
> > > >
> > > > We are experiencing a problem that is confounding and frustrating us
> (I
> > have
> > > > a felling that it is something exremely minor that we are
> overlooking).
> > > > Here goes:
> > > >
> > > > Context:
> > > > The problem only occurs when using a netscape browser against weblogic
> > > > 4.51running on our Solaris 7 box (Everything works fine through IE,
> and
> > > > through both browsers against our development machines which are on
> NT)
> > > >
> > > > Problem:
> > > > We have a bunch of JSP pages and servlets that are used togehter
> > throughout
> > > > our site. They both manage session information for the user. What is
> > > > happening is that there is no problem maintaining session information
> > among
> > > > all the JSP pages, but when we hit a servlet that we use to stream
> > graphs
> > > > back to the browser, it gets the session but it has no contents all of
> a
> > > > sudden. What seems to be even more strange is that the session is not
> > > > tagged as new (by checking isNew()), it is just empty of the contents
> > that
> > > > were placed it by the JSP pages. Again, this is only occurring from
> > > > Netscape browsers against our Solaris server.
> > > >
> > > > If anyone can provide any help it would be greatly appreciated. I can
> > > > provide more details if need be.
> > > >
> > > > Jeremy
> >
> >
-
Problem with logout in servlet After logging out i need to expire the pages
I have a problem in logout using servlet.
I introduced sessions in my page and while logout i used
session.removeAttribute("name");
session.removeAttribute("password");
res.setHeader("Cache-Control","no-store"); //Directs caches not to store the page under any circumstance
res.setDateHeader("Expires", 0); //Causes the proxy cache to see the page as "stale"
res.setHeader("Pragma","no-cache"); //HTTP 1.0 backward compatibility
String user=(String)session.getAttribute("name");
System.out.println(user);
if(user==null)
System.out.println("hi");
req.setAttribute("Error", "Session has ended. Please login.");
res.sendRedirect("http://localhost:8080/homepage.html");
and after i logout im redirected to login page but after clicking back button im getting back to restricted pages(the pages b4 logout).
what should i do?????Thanks Dear BalusC,
I tried with this,
rs.getString("DATA_SCAD1")// where the source from .xls files
String pattern = "yyyy-MM-dd";
SimpleDateFormat format = new SimpleDateFormat(pattern);
try {
Date date = format.parse("DATA_SCAD1");
System.out.println(date);
} catch (ParseException e) {
e.printStackTrace();
System.out.println(format.format(new Date()));
this out put gives me Tue Apr 03 00:00:00 IST 2007
But I want to display the date format in yyyy-mm-dd.
regards,
maza -
Problem with session while sending a multipart-form (a file via post)
I have a problem with the communication between my applet and my server. I use a method to post an xml to my server with the Content-Type "application/x-www-form-urlencoded" and with it I'm not having any problem to preserve the session.
However I use another method I found in the forums to post files and try to adapt it, but I'm being send from the server to the login page because it's not recognizing my session
Can anybody help me? This is my method
public String uploadFile(String adr, BufferedImage img) {
String res = "";
String CONTENT_BOUNDARY = "--abvx98734732";
String s;
File f = null;
URL url;
URLConnection conn;
try {
url = new URL(adr);
conn = url.openConnection();
conn.setDoOutput(true);
conn.setRequestProperty("Content-Type",
"multipart/form-data; boundary=" + CONTENT_BOUNDARY);
conn.setRequestProperty("file-Name", "process_image.jpg");
DataOutputStream wr = new DataOutputStream(conn.getOutputStream());
wr
.write(("--"
+ CONTENT_BOUNDARY
+ "\r\n"
+ "Content-Disposition: form-data; name=\"fileData\"; filename=\""
+ "process_image.jpg" + "\"\r\nContent-Type: image/jpg\r\n\r\n")
.getBytes());
ImageIO.write(img, "jpg", wr);
wr.write(("\r\n--" + CONTENT_BOUNDARY + "--\r\n").getBytes());
wr.flush();
BufferedReader in = new BufferedReader(new InputStreamReader(conn
.getInputStream()));
while ((s = in.readLine()) != null) {
res += s;
in.close();
catch (MalformedURLException muo) {
muo.printStackTrace();
catch (IOException io) {
io.printStackTrace();
return res;
}This is how I preserve session in my other method:
private static final String SESSION_KEY = "_session_id";
URLEncoder.encode(SESSION_KEY, "UTF-8") + "=" +
URLEncoder.encode(sessionId, "UTF-8");
wr.writeBytes(content);
....Yes, the only way is to pass the value u want in the query string. But make sure that the value is not too large.
In case you have too much info i guess the only way is to circumvent multipart and handle the process in your own custom class, which wont be worth the effort if u need pass only 2-3 small parameters.
Always,
Leo.
Hi,
Before I upload a file, I want to get a few parameter
values (getParameter) on the form first. I've tried
using com.oreilly.servlet MultipartRequest and a few
other free servlets but they require that the file
must to be uploaded first. For example:
MultipartRequest multi = new
MultipartRequest(request,filepath, 10*1024*1024);
//this will instantiate the object and upload the
file
String command = multi.getParameter("command"); //get
the form parameter
Is there any way I can get the parameter first before
uploading the file? I truly appreciate any helps you
can provide me.
Regards,
Lily -
Problem with form or servlet???
hello..
i am trying to send some form data to a servlet for processing..
here is the code for the form
<table border="0">
<form action="details.upd" method="post" name="upd">
<tr><td>Username</td><td><input name="uname" type="text" size="25" maxlength="30"
value=<%=session.getAttribute("user") %> /></td>
</tr>
<tr>
<td>password</td><td><input name="pass" type="password" size="25" maxlength="30" />
</td></tr>
<tr><td>confirm password</td><td><input name="pass2" size="25" maxlength="30" type="password"/></td></tr>
<tr><td>Email</td><td><input name="mail" type="text" size="25" maxlength="30"
value=<%=session.getAttribute("EMAIL") %> /></td></tr>
<tr><td align="center"><input name="submit" type="button" value="Update" /></td></tr>
<tr><td align="center"><input name="ch" type="hidden" value="det"/></td></tr>
</form>
</table>
here is the web.xml entry for my compiled servlet
<servlet>
<servlet-name>update</servlet-name>
<description>
Servlet used for updates sent from landlord sessions
</description>
<servlet-class>UpdateServlet</servlet-class>
<load-on-startup>5</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>update</servlet-name>
<url-pattern>*.upd</url-pattern>
</servlet-mapping>
the problem is that when i click the submit button to send the data, nothing happens....absolutely nothing. the page just stays as it is...please can u spot any fatal error in the code?
I have looked and looked without success..please helpyeah..i solved that.. but now i am getting another
problem...
why does this code...
Stringuser=(String)session.getAttribute("user");
gives me a class cast exception????
please helpBecause the object named "user" in your session isn't
a String.ok...thks -
Problem with running multiple servlet in same webapplication with tomcat 3
Hi all,
I am using Tomcat 3.0 as webserver with jdk1.3, Servlet 2.0,
Templates for html file and oracle 8i on UNIX platform.
I have problem with multiple servlet running same webapplication.
There are two servlet used in my application. 1) GenServlet.class
and 2) ServletForPrinting.class
All of my pages go through GenServlet.class which reads some property files
and add header and footer in all pages.
I want reports without header & footer that is not possible through GenServlet in my application.
So I have used another servlet called ServletForPrinting --- just for reading html file.
It is as follow:
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class ServletForPrinting extends HttpServlet {
public void service (HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException
// set content-type header before accessing the Writer
response.setContentType("text/html");
PrintWriter out = response.getWriter();
File f1 = null;
String report = null;
String path = request.getPathInfo();
try{
String p = "/var/home/latif/proj/webapps/WEB-INF/classes" + path;
System.out.println(p);
f1 = new File(p);
p = null;
if (f1.exists()) {
FileReader fr = new FileReader(f1);
BufferedReader br = new BufferedReader(fr);
report = new String();
while ((report = br.readLine()) != null) {
out.println(report);
}catch(Exception e) {
out.close();
report = null;
path = null;
f1 = null;
} // end class
It works fine and display report properly.
But now Problem is that if report is refreshed many times subsequently,
WebServer will not take any new change in any of java file used in web-application.
It works with the previous class only and not with updated one.
Then I need to touch it. As soon as I touch it, webserver will take updated class file.
Anybody has any idea regarding these situation?
Is there any bug in my ServletForPrinting.java ?
Any solution ????? Please suggest me.
Suggestion from all are invited. That will help me a lot.
Thanks in advance
Deepalee.Llisas wrote:
I solved the problem, I just had to wire the blocks in a sequential way (I still don't know why, but it works).
Feel free to delete this topic.
I would strongly suggest at least reading this tutorial to give you an idea of why your fix worked (or maybe only appeared to work). Myself, I never just throw up my hands and say, "Whatever," and wash my hands of the situation without trying my best to understand just what fixed it. Guranteed you'll run into the same/similar problem and this time your fix won't work.
Please do yourself a favor and try to understand why it is working now, and save yourself (or more likely, the next poor dev to work on this project) some heartache.
Bill
(Mid-Level minion.)
My support system ensures that I don't look totally incompetent.
Proud to say that I've progressed beyond knowing just enough to be dangerous. I now know enough to know that I have no clue about anything at all. -
Purchased ColdFusion 10: Having problem with session variables
My Dept. has just bought CF10 and I'm finally updating my existing web app to CF10 from CF8. My First Problem with CF10 is using session variables.
When using the lower version of CF (since CF 4 to 8) I have never had any problem setting up session variables and getting or using these variables in other pages after a successful login but with CF 10 it seems setting session variables and using them in other pages are a major problems. I'm not sure where have I done wrong in the codes.
First I'm setting the session in my Application.cfc This way:
<cfcomponent displayname="Application" output="true">
<cfset THIS.Name ="MyNewApp"/>
<cfset THIS.ApplicationTimeout = CreateTimeSpan(0,0,20,0) />
<cfset THIS.SessionManagement ="YES"/>
<cfset THIS.SessionTimeout = CreateTimeSpan( 0, 0, 20, 0 ) />
<cfset THIS.SetClientCookies = false />
<cffunction name="OnApplicationStart" access="public" returntype="boolean" output="false">
<cfset application.Main_DSN = "TESTDB">
<cfreturn true />
</cffunction>
<cffunction name="onApplicationEnd" output="false">
<cfargument name="applicationScope" required="true">
</cffunction>
<cffunction name="OnSessionStart" access="public" returntype="void" output="false" hint="Fires when user session initializes.">
<cfset session.loggedin = "NO">
<cfset session.username = "">
<cfset session.userrights = "">
<cfset session.usergroup = "">
</cffunction>
</cfcomponent>
After login, user is validated and set values to those session.variables:
........user validation codes here......................
<cfif mylogin NEQ true>
<cflocation url="/login/login.cfm">
<cfabort
<cfelse>
<cfset session.loggedin="Yes">
<cfset session.username="#Trim(Form.username)#">
<CFSET qUserRights = LoginObj.getUserRights('#Trim(Form.username)#')>
<cfset session.userrights = qUserRights><!--- it's a query --->
<CFSET qUserGroup = LoginObj.getUserGroup('#Trim(Form.username)#')>
<cfloop query="qUserGroup">
<cfset session.usergroup = user_group>
<cfbreak>
</cfloop>
<!--- ****************** ???????????????????????????????????????????????????????????????????????????
When I do cfdump in at this level, I can see that all of these session variables have been assigned to their values.
But these session variables are not accessible from other pages. Other pages still show these session variable without its value.
So, when I use these cfdumps in the index.cfm it is shown as they're not yet assigned with any values ****************** --->
<cfdump var="#session.loggedin#">
<cfdump var="#session.username#">
<cfdump var="#session.userright#">
<cfdump var="#session.usergroup#">
</cfif>
In index.cfm, Before Login I got:
session.loggedin = NO
session.username = ["empty string"]
session.userrights = ["empty string"]
session.usergroup = ["empty string"]
After a successful Login:
session.loggedin = NO
session.username = ["empty string"]
session.userrights = ["empty string"]
session.usergroup = ["empty string"]
Have I done something wrong? These codes work on CF8. Please help.
I need to mentioned:
CF10 is in Linux and my web app is under https not http. But these session variables should be shared bentween http and https because some older application are still in http.On which page is the following code?
After login, user is validated and set values to those session.variables:
........user validation codes here......................
<cfif mylogin NEQ true>
<cflocation url="/login/login.cfm">
<cfabort
<cfelse>
<cfset session.loggedin="Yes">
<cfset session.username="#Trim(Form.username)#">
<CFSET qUserRights = LoginObj.getUserRights('#Trim(Form.username)#')>
<cfset session.userrights = qUserRights><!--- it's a query --->
<CFSET qUserGroup = LoginObj.getUserGroup('#Trim(Form.username)#')>
<cfloop query="qUserGroup">
<cfset session.usergroup = user_group>
<cfbreak>
</cfloop>
<!--- ****************** ???????????????????????????????????????????????????????????????????????????
When I do cfdump in at this level, I can see that all of these session variables have been assigned to their values.
But these session variables are not accessible from other pages. Other pages still show these session variable without its value.
So, when I use these cfdumps in the index.cfm it is shown as they're not yet assigned with any values ****************** --->
<cfdump var="#session.loggedin#">
<cfdump var="#session.username#">
<cfdump var="#session.userright#">
<cfdump var="#session.usergroup#">
</cfif> -
Problem with Sessions and window.open
Hi,
Hi everyone,
Help Please!!!
I am working with Sevlet session objects and HTML forms and windows. I have an HTML form for the user to supply a username and password. Once the user clicks submit I need to open another browser window that has no toolbar, no location, no status bar, etc. The user should also be able to go back to that login screen and login again and open a 2nd, 3rd, etc. instance of the application. My problem is that each application is being asigned the same sessionId. I believe it is being asigned to the main login window and thus to the other child windows it opens. Is there a way to work around this? Do I need to make the user open another browser window to login? I need to be able to let the user open multiple instances of the application with unique session ids for each.
Any insight is GREATLY appreciated on this topic. Anything you can tell me about sessions (Java), IE, window.open would help greatly!
THANK YOU IN ADVANCE!!!
MATo achieve this, you must introduce another level of
abstraction to the Servlet specifications. When you
work with JSP/Servlets you use mostly the HttpSession
to handle user related tasks, and the aplication
context, for things that are common to all users. But
inside the HttpSession scope, you want to create
containers that have 'smaller' scope and are uniquely
identified.
A ipothetical scenario :Let's say that you must have
multiple connections to several databases, on each
database user rights beeing diferrent, and you must be
able to track user actions globaly, and eventualy
capture a 'Close Application event' and close all db.
connections.
1. when the user first accesses the login frame create
the HttpSession. In the HttpSession object, store a
Hastable (let's call it 'ConnectionTable'). Each
object in the Hashtable must identify uniqely a
database connection. Now, to create unique identifiers
ids, make the keys in the hashtable java.lang.Long
objects, created using System.getCurrentTimeMillis().
This guaranties there will be no possible confusion.
From each new open window, on each request to the
server, along with the usefull parameters, send the
connection identifier. When proccessing the request,
select the object from the Hastable wich corresponds
to the ID.
2. Now, the values in the ConnectionTable, must act as
the containers that I mentioned in the first
paragraph. The simplest way to do this is to have
again a Hashtable derived class to do the job, wich
exploses methods similar to HttpSession: setAttibute (
Object key, Object value) and getAttibute ( Object
key, Object value). This container may use internally
a Hashtable to store object, and explose only the
getAttribute and setAttribute methods for clarity. Any
way, this is a problem of implementation. Let's call
this class CustomSession.
Now, a textual activity diagram:
1 user accesses the main page, you start a new
HttpSession; In the HttpSession object, store the
ConnectionTable object.
2. the user enters the userID and pwd and adatabase
name, and a new window is opened. Let's supose the
data entered is valid.
3. when you process the login data, you create a new
CustomSession object. you put in it whatever you would
put in your HttpSession. You generate a unique
identifier using System.CurrentTimeMillis(). Put the
CustomSession object in the ConnectionTable, using the
generated id as key. Send the response.
..... later on .....
100. the user asks for a particular action to be
performed - e.g. a row deletion. The page contains a
form with text field where the user introduces the
row number, a submit button and a hidden input with
the ID.
101. you process the data. Get the ID from the request
object, get the ConnectionTable from the session, get
the CustomSession using the ID as key, do whatever
your logic was doing, but obtaining the objects from
the CustomSession instead of HttpSession
NicNic,
Very slick idea. I think that it could work and it seems that there would be not security issues because the id that you would store on the client side is the Unique Identifier and not the actual Session Id. Do you forsee any security issues for this implementation? -
Problems with file uploading servlet, the form action doesnt capture url
Hi, i have one problem. I am working on a project , i have created a servlet that takes uploaded files and processses them and links them back to user to download. The servlet works perfectly from my computer, I am using apache-tomcat-6.0.16 and java 1.6 , I have two forms called encrypt.html and decrypt.html, I will post both of them, now the problem is when somebody access it on the internet while i am running apache, they get a connection was reset on a firefox browser and same stuff on Internet Explorer.
i have checked my server logs and saw nothing unusual there, So please if you can help me, it is my project.
I am pasting html file and error message that other users where getting remotely.
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
<title>Stego Form</title>
<link rel='STYLESHEET' type='text/css' href='encrypt.css'>
</head>
<body>
<center>
<form name='encrypt' enctype='multipart/form-data' method='POST' action='http://localhost:8080/examples/temp2
' accept-charset='UTF-8'>
<input type='hidden' name='sfm_form_submitted' value='yes'>
</input>
<input type='hidden' name='eord' value='e'>
<select name='encryption' size='1'>
<option value='Select an encryption' selected>
Select an encryption
</option>
<option value='DES'>
DES
</option>
<option value='Tripple DES'>
Tripple DES
</option>
</select>
<input type='file' name='overt' size='20'>
<input type='file' name='covert' size='20'>
<input type='submit' name='submit' value='Submit'>
</form>
</center>
</body>
</html>so it works for me even if i access the page with my ip , but for others it doesnt work,
now the user got this xhtml page that i will show, i cant find attach button so i am pasting here.
here is the servlet coding
import java.io.*;
import java.util.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import org.apache.commons.fileupload.*;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
public class temp2 extends HttpServlet
FileInputStream fin;
String filenames[] = new String[2],fieldname,fieldval;
String keyfile,IVfile;
String names[] = new String[2];
public temp2()
super();
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
doPost(request, response);
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
String eord="";
List lst = null;
boolean isMultiPart = ServletFileUpload.isMultipartContent(request);
if (!isMultiPart) // check whether the post request is actually multipart
System.out.println("ERROR NOT MULTIPART");
System.exit(0);
DiskFileItemFactory fif = new DiskFileItemFactory();
ServletFileUpload sfu = new ServletFileUpload(fif);
sfu.setSizeMax(10000000);
try { lst = sfu.parseRequest(request); }
catch (FileUploadException ex)
{ System.out.println("ERROR IN PARSING FILES" + ex); System.exit(0); }
if(lst.isEmpty()) // check whether request is empty
System.out.println("ERROR LIST SIZE NOT GOOD : " + lst.size());
System.exit(0);
Iterator x = lst.iterator();
int i = 0;
FileItem f = (FileItem)x.next();
f = (FileItem)x.next();
System.out.println(f.getFieldName());
if(f.getFieldName().equalsIgnoreCase("eord")) // check hidden field to know the case : encrypt or decrypt
eord = f.getString();
System.out.println(f.getString());
else // if it is not first field exit
System.out.println("Invalid FORM");
System.exit(0);
f = (FileItem)x.next(); // next field
if(f.getFieldName().equalsIgnoreCase("encryption")) // type of encryption des / tdes
fieldname = f.getFieldName();
fieldval = f.getString();
System.out.println(f.getString());
if(eord.equalsIgnoreCase("e")) // if it is encryption form only file required
while(x.hasNext())
f = (FileItem)x.next();
if(!f.isFormField())
int check = f.getName().lastIndexOf(File.separator);
System.out.println(File.separator);
if(check==-1)
System.out.println(f.getName());
System.out.println("Unsupported browser : " + check);
System.exit(0);
File ff = new File("e:\\apache\\webapps\\temp\\"+f.getName().substring(check));
names[i] = ff.getName(); // original file names
try
f.write(ff);
filenames[i] = ff.getAbsolutePath();
// renamed
ff.deleteOnExit();
}catch(Exception e) {System.out.println("Error writing file"+ ff.getAbsolutePath()); System.exit(0);}
i++;
try { System.in.read(); } catch(Exception e) {}
}// endwhile
if(fieldval.equalsIgnoreCase("DES"))
System.out.println("DES 1"+filenames[1]);
javades o = new javades(filenames[1]); // the file to be encrypted
filenames[1] = "e:\\apache\\webapps\\temp\\files\\" + names[1];
System.out.println("should be original" + filenames[1]);
else if(fieldval.equalsIgnoreCase("Tripple DES"))
javatdes o = new javatdes(filenames[1]);
filenames[1] = "e:\\apache\\webapps\\temp\\files\\" + names[1];
System.out.println(filenames[1]);
System.out.println("Calling stego");
filenames[0] = "e:\\apache\\webapps\\temp\\" + names[0];
System.out.println("file 1 "+ filenames[0]);
System.out.println("file 2"+ filenames[1]);
try { System.in.read(); } catch(Exception e) {}
stego s = new stego(filenames[0],filenames[1]);
System.out.println("mainext " + s.mainext);
// encryption done, and new files are loaded, now lets hide
if(s.mainext.equalsIgnoreCase("wav"))
s.encodewav();
System.out.println("Encoded wave");
else if(s.mainext.equalsIgnoreCase("bmp"))
System.out.println("Encoded bmp");
s.encodebmp();
System.out.println("done !");
PrintWriter pr = response.getWriter();
pr.println("Greetings , Your work is done and saved, now download the following files");
pr.println("The secret key file is needed for getting back your hidden file, so download that too");
pr.write("<a href=\"/temp/files/IV.txt\">click here</a>");
pr.write("<br/><a href=\"/temp/files/key.txt\">click here</a>");
pr.write("<br/><a href=\"/temp/files/"+names[0]+"\">click here</a>");
return;
// if it is decryption case
else if(eord.equalsIgnoreCase("d"))
while(x.hasNext())
f = (FileItem)x.next();
if(!f.isFormField())
int check = f.getName().lastIndexOf(File.separator);
System.out.println(File.separator);
if(check==-1)
System.out.println(f.getName());
System.out.println("Unsupported browser : " + check);
System.exit(0);
File ff = new File("e:\\apache\\webapps\\temp\\"+f.getName().substring(check));
// else if ladder to store paths of stegofile keyfile and IVfile
if(f.getFieldName().equalsIgnoreCase("stegofile"))
filenames[0] = ff.getAbsolutePath();
else if(f.getFieldName().equalsIgnoreCase("keyfile"))
keyfile = ff.getAbsolutePath();
else if(f.getFieldName().equalsIgnoreCase("IVfile"))
IVfile = ff.getAbsolutePath();
try
f.write(ff); // writes whole file at once
}catch(Exception e) {System.out.println("Error writing file"); System.exit(0);}
}// endwhile
System.out.println("Calling stego");
System.out.println("file 1 "+ filenames[0]);
stego s = new stego(filenames[0]);
System.out.println("mainext " + s.mainext);
if(s.mainext.equalsIgnoreCase("wav"))
s.decodewav();
System.out.println("Encoded wave");
else if(s.mainext.equalsIgnoreCase("bmp"))
s.decodebmp();
System.out.println("Encoded bmp");
System.out.println("done !");
////// hidden file has been retrieved , now lets decrypt it
System.out.println("ext " + s.ext);
filenames[0] = "e:\\apache\\webapps\\temp\\"+s.filename;
System.out.println(filenames[0]);
System.out.println(keyfile);
System.out.println(IVfile);
if(fieldval.equalsIgnoreCase("DES"))
javades o = new javades(filenames[0],keyfile,IVfile); // the file to be encrypted
filenames[0] = "e:\\apache\\webapps\\temp\\" + ( new File(filenames[0]).getName());
System.out.println("should be original" + filenames[0]);
else if(fieldval.equalsIgnoreCase("Tripple DES"))
javatdes o = new javatdes(filenames[0],keyfile,IVfile);
filenames[0] = "e:\\apache\\webapps\\temp\\" + ( new File(filenames[0]).getName());
System.out.println(filenames[0]);
PrintWriter pr = response.getWriter();
pr.write("Greetings, you have successfully retrieved your hidden file, now download it from here <br>");
pr.write("<a href=\"http://localhost:8080/temp/files/" + (new File(filenames[0]).getName())+"\">Click here</a>");
}and here is the xhtml file the user receives, whe he clicks the submit button,
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html [
<!ENTITY % htmlDTD
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"DTD/xhtml1-strict.dtd">
%htmlDTD;
<!ENTITY % netErrorDTD
SYSTEM "chrome://global/locale/netError.dtd">
%netErrorDTD;
<!ENTITY loadError.label "Problem loading page">
<!ENTITY retry.label "Try Again">
<!-- Specific error messages -->
<!ENTITY connectionFailure.title "Unable to connect">
<!ENTITY connectionFailure.longDesc "&sharedLongDesc;">
<!ENTITY deniedPortAccess.title "This address is restricted">
<!ENTITY deniedPortAccess.longDesc "">
<!ENTITY dnsNotFound.title "Server not found">
<!ENTITY dnsNotFound.longDesc "
<ul>
<li>Check the address for typing errors such as
<strong>ww</strong>.example.com instead of
<strong>www</strong>.example.com</li>
<li>If you are unable to load any pages, check your computer's network
connection.</li>
<li>If your computer or network is protected by a firewall or proxy, make sure
that &brandShortName; is permitted to access the Web.</li>
</ul>
">
<!ENTITY fileNotFound.title "File not found">
<!ENTITY fileNotFound.longDesc "
<ul>
<li>Check the file name for capitalization or other typing errors.</li>
<li>Check to see if the file was moved, renamed or deleted.</li>
</ul>
">
<!ENTITY generic.title "Oops.">
<!ENTITY generic.longDesc "
<p>&brandShortName; can't load this page for some reason.</p>
">
<!ENTITY malformedURI.title "The address isn't valid">
<!ENTITY malformedURI.longDesc "
<ul>
<li>Web addresses are usually written like
<strong>http://www.example.com/</strong></li>
<li>Make sure that you're using forward slashes (i.e.
<strong>/</strong>).</li>
</ul>
">
<!ENTITY netInterrupt.title "The connection was interrupted">
<!ENTITY netInterrupt.longDesc "&sharedLongDesc;">
<!ENTITY netOffline.title "Offline mode">
<!ENTITY netOffline.longDesc "
<ul>
<li>Uncheck "Work Offline" in the File menu, then try again.</li>
</ul>
">
<!ENTITY netReset.title "The connection was reset">
<!ENTITY netReset.longDesc "&sharedLongDesc;">
<!ENTITY netTimeout.title "The connection has timed out">
<!ENTITY netTimeout.longDesc "&sharedLongDesc;">
<!ENTITY protocolNotFound.title "The address wasn't understood">
<!ENTITY protocolNotFound.longDesc "
<ul>
<li>You might need to install other software to open this address.</li>
</ul>
">
<!ENTITY proxyConnectFailure.title "The proxy server is refusing connections">
<!ENTITY proxyConnectFailure.longDesc "
<ul>
<li>Check the proxy settings to make sure that they are correct.</li>
<li>Contact your network administrator to make sure the proxy server is
working.</li>
</ul>
">
<!ENTITY proxyResolveFailure.title "Unable to find the proxy server">
<!ENTITY proxyResolveFailure.longDesc "
<ul>
<li>Check the proxy settings to make sure that they are correct.</li>
<li>Check to make sure your computer has a working network connection.</li>
<li>If your computer or network is protected by a firewall or proxy, make sure
that &brandShortName; is permitted to access the Web.</li>
</ul>
">
<!ENTITY redirectLoop.title "The page isn't redirecting properly">
<!ENTITY redirectLoop.longDesc "
<ul>
<li>This problem can sometimes be caused by disabling or refusing to accept
cookies.</li>
</ul>
">
<!ENTITY unknownSocketType.title "Unexpected response from server">
<!ENTITY unknownSocketType.longDesc "
<ul>
<li>Check to make sure your system has the Personal Security Manager
installed.</li>
<li>This might be due to a non-standard configuration on the server.</li>
</ul>
">
<!ENTITY sharedLongDesc "
<ul>
<li>The site could be temporarily unavailable or too busy. Try again in a few
moments.</li>
<li>If you are unable to load any pages, check your computer's network
connection.</li>
<li>If your computer or network is protected by a firewall or proxy, make sure
that &brandShortName; is permitted to access the Web.</li>
</ul>
">
<!ENTITY % globalDTD
SYSTEM "chrome://global/locale/global.dtd">
%globalDTD;
]>
<!-- ***** BEGIN LICENSE BLOCK *****
- Version: MPL 1.1/GPL 2.0/LGPL 2.1
- The contents of this file are subject to the Mozilla Public License Version
- 1.1 (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.mozilla.org/MPL/
- Software distributed under the License is distributed on an "AS IS" basis,
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- for the specific language governing rights and limitations under the
- License.
- The Original Code is mozilla.org code.
- The Initial Developer of the Original Code is
- Netscape Communications Corporation.
- Portions created by the Initial Developer are Copyright (C) 1998
- the Initial Developer. All Rights Reserved.
- Contributor(s):
- Adam Lock <[email protected]>
- William R. Price <[email protected]>
- Henrik Skupin <[email protected]>
- Jeff Walden <[email protected]>
- Alternatively, the contents of this file may be used under the terms of
- either the GNU General Public License Version 2 or later (the "GPL"), or
- the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- in which case the provisions of the GPL or the LGPL are applicable instead
- of those above. If you wish to allow use of your version of this file only
- under the terms of either the GPL or the LGPL, and not to allow others to
- use your version of this file under the terms of the MPL, indicate your
- decision by deleting the provisions above and replace them with the notice
- and other provisions required by the LGPL or the GPL. If you do not delete
- the provisions above, a recipient may use your version of this file under
- the terms of any one of the MPL, the GPL or the LGPL.
- ***** END LICENSE BLOCK ***** -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Problem loading page</title>
<link rel="stylesheet" href="temp2_files/netError.css" type="text/css" media="all"/>
<!-- XXX this needs to be themeable -->
<link rel="icon" type="image/png" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAANbY1E9YMgAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAICSURBVHjaYvz//z8DJQAggJhwiDPvnmlzc2aR0O+JGezt+AwACCCsBhxfYhn59N41FWtXIxZOLu70niRGXVwGAAQQNgNYHj96O8HaWYdJW5ubwd4/mI2Ng7sblwEAAYRhwMm1URk/vn4SUNWVYGD8+YZBXZOZm5OLzRjoCmNsBgAEEKoBN82Y7l851GLrqMjM8Oc7A8O/3wwMP54wuAQFCXNycUzGZgBAAKEYcOaKZO2/f//5FbUVgBrfMoRVcgHpNwyKGjKMXDwCan0prFboBgAEELIBzDcvXyy2cVZhYPj9GWj7H4jo/38MDJ9OMDj7O/KzsjH3oxsAEEBwA/bNNipiZf7FI6cqwcDw8x2qqp8fGORUpVn4BEXlgGHhhCwFEEAwA9gfP3hdZ+Oizcjw+wvCdjgAuuLrFQbXIH9hTm7uqcgyAAEENuD4ctcebm5mbikFYRTbV7V/Q6j88Z5BSuY7q4CQgAjQFR4wYYAAAhtw89L5ZFsnRaDtn4CW/YXrAQcisit+PGVwDgrnZ2NnnwATBQggpsNLvGYLCAmxi8tLARWg+h3FBVBXSEj/ZZWQkRcCuiIQJAQQQCyvnj5KMDTkZ2JgYmRg4FchnHv+vmEwttLmeXT3VjKQtx4ggFgk5TXebV63UfT3ijOMxOZAVlZWdiB1EMQGCCBGSrMzQIABAFR3kRM3KggZAAAAAElFTkSuQmCC"/>
<script type="application/x-javascript"><![CDATA[
// Error url MUST be formatted like this:
// moz-neterror:page?e=error&u=url&d=desc
// Note that this file uses document.documentURI to get
// the URL (with the format from above). This is because
// document.location.href gets the current URI off the docshell,
// which is the URL displayed in the location bar, i.e.
// the URI that the user attempted to load.
function getErrorCode()
var url = document.documentURI;
var error = url.search(/e\=/);
var duffUrl = url.search(/\&u\=/);
return decodeURIComponent(url.slice(error + 2, duffUrl));
function getDescription()
var url = document.documentURI;
var desc = url.search(/d\=/);
// desc == -1 if not found; if so, return an empty string
// instead of what would turn out to be portions of the URI
if (desc == -1) return "";
return decodeURIComponent(url.slice(desc + 2));
function retryThis()
// Session history has the URL of the page that failed
// to load, not the one of the error page. So, just call
// reload(), which will also repost POST data correctly.
try {
location.reload();
} catch (e) {
// We probably tried to reload a URI that caused an exception to
// occur; e.g. a non-existent file.
function initPage()
var err = getErrorCode();
// if it's an unknown error or there's no title or description
// defined, get the generic message
var errTitle = document.getElementById("et_" + err);
var errDesc = document.getElementById("ed_" + err);
if (!errTitle || !errDesc)
errTitle = document.getElementById("et_generic");
errDesc = document.getElementById("ed_generic");
var title = document.getElementById("errorTitleText");
if (title)
title.parentNode.replaceChild(errTitle, title);
// change id to the replaced child's id so styling works
errTitle.id = "errorTitleText";
var sd = document.getElementById("errorShortDescText");
if (sd)
sd.textContent = getDescription();
var ld = document.getElementById("errorLongDesc");
if (ld)
ld.parentNode.replaceChild(errDesc, ld);
// change id to the replaced child's id so styling works
errDesc.id = "errorLongDesc";
// remove undisplayed errors to avoid bug 39098
var errContainer = document.getElementById("errorContainer");
errContainer.parentNode.removeChild(errContainer);
]]></script>
</head>
<body dir="ltr">
<!-- ERROR ITEM CONTAINER (removed during loading to avoid bug 39098) -->
<!-- PAGE CONTAINER (for styling purposes only) -->
<div id="errorPageContainer">
<!-- Error Title -->
<div id="errorTitle">
<h1 id="errorTitleText">The connection was reset</h1>
</div>
<!-- LONG CONTENT (the section most likely to require scrolling) -->
<div id="errorLongContent">
<!-- Short Description -->
<div id="errorShortDesc">
<p id="errorShortDescText">The connection to the server was reset while the page was loading.</p>
</div>
<!-- Long Description (Note: See netError.dtd for used XHTML tags) -->
<div id="errorLongDesc">
<ul>
<li>The site could be temporarily unavailable or too busy. Try again in a few
moments.</li>
<li>If you are unable to load any pages, check your computer's network
connection.</li>
<li>If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.</li>
</ul>
</div>
</div>
<!-- Retry Button -->
<xul:button xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" id="errorTryAgain" label="Try Again" oncommand="retryThis();"/>
</div>
<!--
- Note: It is important to run the script this way, instead of using
- an onload handler. This is because error pages are loaded as
- LOAD_BACKGROUND, which means that onload handlers will not be executed.
-->
<script type="application/x-javascript">initPage();</script>
</body>
</html>thank you for your prompt reply in advance,
Regards,
Mihir PandyaHi, thank you for your replies, I found out few things about my servlet, and its portability
and i have few questions, although i marked this topic as answered i guess its ok to post
I am using javax.servlet.context.tempdir to store my files in that servletcontext temporary directory. But i dont know how to give hyperlink
of the modified files to the user for them to download the modified files.
What i am using to get the tempdir i will paste
File baseurl = (File)this.getServletContext().getAttribute("javax.servlet.context.tempdir");
System.out.println(baseurl);
baseurl = new File(baseurl.getAbsolutePath()+File.separator+"temp"+File.separator+"files");
baseurl.mkdirs();so i am storing my files in that temp/files folder and the servlet processes them and modifies them, then how to present them as
links to the user for download ?
and as the servlet is multithreaded by nature, if my servlet gets 2 different requests with same file names, i guess one of them will be overwritten
And i want to create unique directory for each request made to the servlet , so file names dont clash.
one another thing is that i want my servlet to be executed by my <form action> only, I dont want the user to simply type url and trigger the servlet
Reply A.S.A.P. please..
Thanks and regards,
Mihir Pandya -
Air + Ipad + RemoteObject problem with session cookies
I am making Air version for IPad of a Flex application.
My flex application needs session from an secured enterprise proxy, without that session none remoteObject requests can pass the proxy and reach blazeDS.
My solution for flex works fine: calling an enterprise servlet at application´s startup to obtain a cookie session. I use a POST call to the servlet using URLRequest (sending the user and password parameters), the servlet responds with a message with a session cookie, and from that point, without me having to code anything more, my flex application get that cookie with the session that automatically is loaded in my browser cookie stack, and that transparently is used from all my subsequents remoteObjects calls in the flex application.
In my Adobe Air Ipad version, this just does not work, the session or is not storaged or is not attached with subsequent remoteObjects requests.
- I´m forcing request.manageCookies = true
- I´m working with the IOS simulator (Is there any difference for cookies with a real Ipad device?)
- I´m using Flex 4.6.0, Air 3.5, IOS 6, Ipad 3, BlazeDS 4.0, Java 6 BackEnd.
.. What´s the problem/difference with Air+Ipad from the flex version?Hi BalusC ,
Thanks for your detailed response. I have a question about this comment you noted..
"Terrible. Just keep the bean request scoped. "
I changed the bean to request and now have this issue.
<rich:dataGrid id="membersInZipcode" value="#{membersInZipcode.arrayListOfSearch4Member}"
var="membersInZipcode" columns="5" elements="20">
<f:facet name="footer">
<rich:datascroller></rich:datascroller>
</f:facet>
</rich:dataGrid>
</h:form> I am using a request bean to hold the search parms that loads the bean. This works great.
The problem is when I use the rich:datascroller for the next page.
It goes back to the bean and the request scope bean is empty. This holds the search values.
How do I put this back into the request after each process??
Question 2..
"Those settings only applies on the current request, i.e. the JSP file itself. Images are obtained by separate and independent requests. You need to set the headers on those requests as well. You can use a filter for this."
I have never set a filter ...how do I do it? Do you have a link for an example of this filter setup?
Thanks Again
Phil -
Problem with Sessions & CFID Changing Unexpectedly
MY SETUP...
ColdFusion version 8.01 Standard
Hotfix version hf801-00002.jar
Java version 1.6.0_04
server OS Windows 2008 Enterprise 32bit
webserver IIS 7.0.6
database MySql 5.0.67
THE PROBLEM
For some visitors, every page on the website gives them a new CFID/CFTOKEN. I tried to narrow it down to a particular browser, but it's happening in every browser. It's only happening for some people. It was happening to me, then it stopped. Not sure what I did to fix it, but it's still happening to others.
I'm using CFID/CFTOKEN (or more recently, a random number stored in a session.variable) as their temporary ID when they add something to their shopping cart. Problem is, when the CFID or session value changes, the items in their cart are no longer associated with them anymore - their cart appears to be empty at that point.
For the love of God, what is causing the CFID and Session variables to change on every page? I am storing the client global variables in a MySql table which was setup by CF Administrator and appears to be working properly.
Lastly, this site has been working fine for years, all of the sudden after some PCI Compliance conformity and CF Patches, this problem arose, so I want to blame it on the patches, but I'm not sure.
Has anyone else ever had this problem? How did you fix it?It can also be (and will always be caused) by any user who's browser (or any part of the connection) does not maintain the cookies.
If the request does not contain a cookie with currently valid cfid|cftoken and|or cfsessionid values, ColdFusion will generate new ones. This can be cause by security settings in the browser, OS, firewall, proxy etc.
This has become an increasingly rare issue in modern Internet computing, but it was a fairly common back in the day when cookies where a new idea.
Maybe you are looking for
-
Hello, I have a profil which includes the well-known auth. obj S_TCODE, but it is the first time this one appears in grey. That means I cannot maintain it manually. I have used the 3 ways to generate a new profil to get rid off that unmodifiable s_tc
-
My MacBook Pro 10.6.8 stopped recognizing my camera USB
My MacBook Pro 10.6.8 stopped recognizing my Sony Exmor R Cybershot USB cord when it had been recognizing it and I have no idea what I can do.
-
I don't know if anyone else has experienced this, and what you did about it. My macbook when charging gives small electric shocks through the body of the mac. I'v been on the phone to Apple and they have suggested using a 3 pronged plug, which i do.
-
Controlling #views/#prints and getting audit event notifications
We have an evaluation of LiveCycle up and running, and we are negotiatons for purchase. In doing some quick proof-of-concept work, we ran across a couple issues we are looking to get help with. Background: We are working in .Net using LiveCycle web s
-
Hi I am doing file to file scenario , i want to find the directory path at receiver dynamically on the basis of sender business service name for eg if the file is coming from business service X101 then the file should go in folder X101 Any ideas Rega