2

enter image description here

When I have cookies enabled and I do a requestDispatcher.forward(req,resp) from loggedIn to ShoppingCart , the 'session id' and 'username' is carried forward/saved.

But when the cookies are disabled, a new 'session id' is created and the 'username' is null.

My question is how should i maintain the session when cookies are disabled.


login form

<html>
<body>
    <form method="POST" action="login.do">
        username:<input type="text" name="username" /> 
        <input type="submit" value="login"/>
    </form>
</body>
</html>


loggedIn.jsp

<html>
<body>
Session Id : <%out.print(session.getId());%><br>
Logged In User: <%out.print(session.getAttribute("username"));%><br>

<form action="shopping.do" method="POST">
    <input type="submit" value="start shopping"/>
</form>

</body>
</html>


shoppingCart.jsp

<html>
<body>
Session Id : <%out.print(session.getId());%><br>
Logged In User: <%out.print(session.getAttribute("username"));%><br>
<h1>Shopping Cart</h1>
</body>
</html>


web.xml

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

    <!--  LOGIN CONTROLLER -->
    <servlet>
        <servlet-name>LoginController</servlet-name>
        <servlet-class>com.example.controller.LoginController</servlet-class>       
    </servlet>
    <servlet-mapping>
        <servlet-name>LoginController</servlet-name>
        <url-pattern>/login.do</url-pattern>
    </servlet-mapping>

    <!--  SHOPPING CONTROLLER -->
    <servlet>
        <servlet-name>ShoppingController</servlet-name>
        <servlet-class>com.example.controller.ShoppingController</servlet-class>        
    </servlet>
    <servlet-mapping>
        <servlet-name>ShoppingController</servlet-name>
        <url-pattern>/shopping.do</url-pattern>
    </servlet-mapping>

</web-app>


LoginController

    package com.example.controller;

    import java.io.IOException;

    import javax.servlet.RequestDispatcher;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    public class LoginController extends HttpServlet {

        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            resp.setContentType("text/html");

            HttpSession session = req.getSession();

            if(req.getParameter("username")!=null && !req.getParameter("username").isEmpty()){
                session.setAttribute("username",req.getParameter("username"));
            }

            String URL = ("loggedIn.jsp");
            String encodedURL=resp.encodeRedirectURL(URL);
            System.out.println(encodedURL);
            RequestDispatcher view =req.getRequestDispatcher(encodedURL);
            view.forward(req,resp);

        }

    }


ShoppingController

package com.example.controller;

import java.io.IOException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ShoppingController extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setContentType("text/html");

        String URL = ("shoppingCart.jsp");
        RequestDispatcher view =req.getRequestDispatcher(URL);
        view.forward(req,resp);

    }

}
Ash Ash
  • 443
  • 4
  • 7
  • 15

1 Answers1

1

For normal urls on the page, you would use response.encodeURL(). For redirects you should use response.encodeRedirectURL()

Additional information regarding the difference between the two can be found on this SO post

Community
  • 1
  • 1
ramp
  • 1,256
  • 8
  • 14
  • I would like to know how it is done in case of requestDispatcher.forward(req, resp). – Ash Ash Jul 07 '15 at 04:18
  • It does not apply to internal forwards. The request has already reached the server (along with the session cookie) and is available to all resources that are forwarded to as part of the request. – ramp Jul 07 '15 at 07:05
  • Could you please elaborate. Am i asking the wrong question ? – Ash Ash Jul 07 '15 at 09:39
  • Cookies flow from the server to the browser and back. Session-ids are held in cookies and therefore the session-ids (via the cookies) are passed back from the browser with every request. Session cookies need not be passed around for internal forwards since all internal forwards belong to the 'same' request. Once the session is retrieved from the request (either using a session cookie or a encoded url), it is always available for that request. – ramp Jul 07 '15 at 11:09
  • Looking at the flow you have posted, the form action url in loggedIn.jsp needs to have the url encoded. It is the loggedIn.jsp which sends the html response to the browser that has to encode the url. You have encoded the url in LoginController servlet which is needless (the servlet and jsp execute as part of the same request). You should encode the url that is sent to the browser. This will append the session id to the url and when the next request for that url arrives, it will have the session id in its query string.
    " method="POST">
     – ramp Jul 07 '15 at 11:34
  • 1
    ok, i got it. Since i am doing "req.getSession();" in my 'LoginController', the servlet is creating a new session for each request as i have disabled the cookies. – Ash Ash Jul 12 '15 at 08:56