QUESTION: Dear Sir,
I am getting problem in session management In my application Like if i logged in with two different users and At the time of Log out I invalidate the Session But My always first user is log out while i am doing log out the Second user.
So sir Tell me 2 Things
1- In My Application I have Lot of Hyperlink At Right and Left Navigation of the Logged in User So i have to Pass The Session ID Through Each and Every Hyper Link So that Application Server recognize that the Request Come From The Same user??
2-I am Doing at the login time "request.getsession(true); session.setAttribute("username",username); And the Time of Log Out I am doing "session.removeAttribute("username");session.invalidate()"
So I have to Pass Something From Session At the time Of Every Activity By the User??? and how??
ANSWER: 1. Provided the session doesn't time out, any thing you put in the session like username should still be there.
After using get session, you should use:
String userName = session.getAttribute("username");
if(userName == null)
... //Redirect to login page
The log page that handles loging in is the only place you should use:
---------- FOLLOW-UP ----------
QUESTION: Dear Sir, I m working in Web Sphere Application Server and i want to User URL rewriting technique And I have Configured the Application Server To URL Rewriting. So when I do First Time Login, Its Automatically Set The Jsession Id Like "http//www.xyz.com/ireps/login.do;jsessionid=x...y" But After Login The User has More Left and Right Navigation But When He clicked One Of Them The Jsession id is not appending with the URL.
So sir Please Can U Clear me
1- The Application Server Will Always Automatically append This Jsession Id Each and Every Linked Clicked By the User.
2- Or I have To get This Jsession id Fist Time and Send Again and Again with The Each and Every URL.
The session does not need to appear in the URL. It should be able to keep track of it based on the user's IP address. It is possible that this setting is disabled (for more security). It is also possible that the jsession id is passed over POST instead of GET.
You are probably asking the wrong person about this though, as I haven't done any work in JSP.