JSESSIONID problem
[146 byte] By [Dinesa] at [2007-11-26 19:48:10] 
Is there any way of generating a session id and issuing it to the client after authentication.?I have to do this through java code..
All most all the server do it by default.
This value is stored in cookie variable with cookie name as JSESSIONID.
you can get it with the help of java script
Please give the problem in a more elaborated way.
Mention the server name
type of scripting language(jsp /servlets/etc.)
amit.naranga at 2007-7-9 22:35:36 >
i know its generated by the app server.The problem is this:
The user has to authenticate himself by logging into the application.Currently the session id is same irrespective of whether the authentication is successful or not.(ie.the session id for login page is same as that of the home page)What i need is once the authentication is done,a new session id has to be issued so that the subsequent requests uses the new session id.This will make me to use the session id for some verification processes..
Dinesa at 2007-7-9 22:35:36 >
Maybe you can set a variable in your session to remember that the authentication was succesfull and add an HttpFilter that checks for this variable and rejects requests by unauthorised users.
Peetzorea at 2007-7-9 22:35:36 >
This is very easy to create a new session.
Just invalidate the session and then create a session again.
But the best way to go for such a problem is
Create a session variable which specifies that the current user is authneicated.
Then on each request which needs authorization just check if the session have the same variable.
If it exist return the page otherwise show some error message.
This is how I have found the most of the sites work.
You always have other option of invalidatinga and recreating session
Thanks
amit.naranga at 2007-7-9 22:35:36 >
You shouldn't care what the jsessionid value is, trying to use that value for authentication is lunacy. As amit.narang said above use some session variable to flag that the user has successfully logged in.-
YoGeea at 2007-7-9 22:35:36 >
Thanks for ur reply....
The problem is i cannnot use session variables because the request will be forwarded across multiple applications.Currently we are using session id for this.when a request is forwarded to app2 from app1,the session id will be sent as part of qrystring in encrypted format.app2 uses this to check against the session id of the request it has got.
Dinesa at 2007-7-9 22:35:36 >
That's just so wrong it's beyond the pale.
jwentinga at 2007-7-9 22:35:36 >
In Such a case you can always use java script functions.
With the help of which you can modify the form field value to have session value from cookie at the time of submit click.
For Cookie related work throug java script you can check the following link
http://www.quirksmode.org/js/cookies.html
amit.naranga at 2007-7-9 22:35:36 >
> That's just so wrong it's beyond the pale.And yet it's typical of questions in the Servlet and JSP forums. Have you ever looked there? I read them and just shudder. I can't even begin to formulate an answer beyond "Don't do that".
DrClapa at 2007-7-9 22:35:36 >
Hmm..i'm facing the same issue..
i have a shop site(Python) which is an affliate site of a main site(J2EE).
From the shop site, users can log-in to the main site.
If login succeeded, users can access restricted pages of the main site from the shop.
So, basically.
1. Call a login function by POST to the main site. main site returns the session id as the response text.
2. From the shop, i thought i can access the main site's pages by passing the returned session id as the JSESSIONID ?
Eg: http://mainsite.com/secured/balance_enquiry.action;jsessionid='sfhsodhfdsfsdfsdfdf'
Didn't work though. :(
innek81a at 2007-7-9 22:35:36 >
Java Essentials New Topic
Java Essentials Hot Topic
Java Essentials
All Classified
- Archived Forums
- Enterprise & Remote Computing
- Java Essentials
- Desktop
- Core
- Solaris Operating System
- Security
- Database Connectivity
- Java Mobility Forums
- Web & Directory Servers
- Development Tools
- Application & Integration Servers
- Java HotSpot Virtual Machine
- Other Topics
- E-Mail, Calendar, & Collaboration
- Developer Tools
- General
- Administration Tools
- Sun Hardware
- Storage Forums
- Java Enterprise System
- StarOffice
- Open Source Technologies
- BigAdmin
- Real-Time
- Java Coding