authentication servlet
Hi,
While transfering an authentication jsp into a servlet i bump into some problems. The original authentication jsp creates an ValidUser bean with the session scope after verifying the user credential agains the db. In my servlet, i do like this:
ValidUser currentUser =new ValidUser(role);
HttpSession myses = request.getSession(false);//just return the old session
if (!(myses==null))
myses.invalidate();//destroy if already exist
myses = request.getSession(true);//make new session
myses.setAttribute("validUser",currentUser);
//forward request and response to desired resource
Is this the best way to do authentication?
Let say there are 20 people who want to login at the same time. There are only one copy of this authentication servlet and 20 sessions associated with 20 different ValidUser objects am I correct?
Thai
