Java Servlet :: How To Renew Session ID Of User
Aug 3, 2012How we can renew the session Id of the logged in user in order to prevent any session fixation problems. Is there any API in servlets to do it?
View RepliesHow we can renew the session Id of the logged in user in order to prevent any session fixation problems. Is there any API in servlets to do it?
View RepliesI am using following servlet code to store the logged in user information in the session.
session = request.getSession();
session.setAttribute("userName", userName );
session.setAttribute( "LoginId", loginId );
The information is getting stored in the session and i am able to retrieve the same for single user. The trouble starts when 2 user logged in from different browser (for example chrome, IE) from the same machine. The 2nd logged in user, overwrite the session information of first user.
How to prevent this.
My environment: Windows 7 64 bit, IBM websphere server, Oracle 11g, JSP, Sevrlet.
How is session maintained in the application server, internally what happens when the user has logged in ? We create a session and store the user details which will be stored in the session object in the server with a unique sessionID which will be validated when the same user login the system again? But how exactly the session is maintained in the Server internally?
View Replies View RelatedCoding a web application using Java 6. Try to implement the session timeout for users.
In the web.xml, I added:
<session-config>
<session-timeout>480</session-timeout> <!-- jsp will expire in 8 hours -->
</session-config>
Now, during the runtime, if a user does not touch the jsp page for 8 hours (after the user has signed in), the session timeout mechanism will kick in. At that point, the server side will automatically execute:
rd = req.getRequestDispatcher("/signin.jsp");
So that the user will have to re-sign in, before continue the work.
How can I achieve this goal?
In stateful session bean client servlet we are explicitly setting shoppingCart to session attribute. I do not remember doing similar step withStatelessSession bean.
request.getSession(true).setAttribute("cart",shoppingCart);
I do have have annotation as well
@EJB
ShoppingCart shoppingCart
I am a beginner want to compile servlet with following path
javac -classpath Program FilesApache Software FoundationTomcat 5.5commonlibservlet-api.jar;classes:.-d classes srccomexamplewebBeerSelect.java
Problem arises as follows:
javac: invalid flag: FilesApache
Usage: javac <options> <source files>
use -help for a list of possible options
Below is a method that i want to try to renew the expiry date.
Well I'm trying to read the file and rewrite the data into the txt file, is that possible?
Java Code:
public static void renew()throws IOException{
Scanner s=new Scanner(System.in);
Scanner s2=new Scanner(System.in);
Calendar calendar = new GregorianCalendar();
int year = (calendar.get(Calendar.YEAR));
[Code] ...
I have a question about how to check for a session as the user goes through different pages. I am using Java beans and EL to pass data from page to page but I cannot figure out how to check for a session on the pages without the use of a scriptlet with an if else statement in it.
I do not want the user to be able to access any pages unless they are logged in. With a scriptlet, I can create a statement that says if session exists show name else redirect to login page.
From what I have read and what some of the wonderful members here have told me, scriptlets are a big no no these days. So, how do I do these without the use of a scriptlet?
I have to use the company's login resource, which returns a login page for authentication after a browser/user page request; after successfully authenticated, the session attributes are set in a (remote) valued object (VO) invoked via servlet; then, such values are set in my (local) POJO.
I want to display the current user session attribute (see xChave below) and save it in database. How can I persist http User session attributes through the structure below?
Abstract Controller (just the main code):
public abstract class AbstractController<T> {
@Inject
private AbstractFacade<T> ejbFacade;
private Class<T> itemClass;
private T selected;
private Collection<T> items;
//GETTERS AND SETTERS OMMITED
public AbstractController(Class<T> itemClass) {
this.itemClass = itemClass;
}
[code]...
Previous page can be seen even after user logs out from the JSP page.
My code is:
Logout.jsp:
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<html>
<head>
<title>JSP Page</title>
[Code] ....
how to resolve this?
I made an application and i can send the message/notification to all loggedin users immediately. But the problem is that i am unable to send notifications to a specific user; as an example facebook chat.I am using Servlets 3.0, Spring MVC 3.0, GSon and AJAX Jquery.
Here is my code:
web.xml
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
[code]....
I am making my minor project on a money management website. One problem is occurring:
As we are registering via register.jsp page, the form in that jsp page calls the "saveuser" servlet which saves the user data in the database.
But the data is not getting saved. Following is the code of register.jsp page:
<!DOCTYPE HTML>
<html>
<head>
<title>Virtual Wallet</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
[Code] .....
I got one task from my manager, regarding browser back button, refresh button. He asks me the web application has to work like Banks site... means if I refresh or click on Back button(Browser's) then it has to throw the user out of session, I checked lot in internet. But I found like only disabling back button of disabling F5 keys like that. But he’s not accepting that.
How to approach for this? Can we throw the user out of session when he clicks on browser back button or refresh button. I think its possible . But i don't know how to implement.
May be I did not understand the meaning and usage of attribute "session" in page directive. My understanding is if session=false, in page directive, then the JSP page will not participate in the session. However, I have my welcomepage as below:
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1" session="true"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
........
.......
<%= session %>
<c:out value="${pageContext.request.session}"/>
if I choose session=true, then both ways of accessing session works , which means the JSP page participated in the session.
But if I change the session=false, then <%= session %> fails, but <c:out value="${pageContext.request.session}"/> does not fail.
how can c:out still show the session, when session = false
Can I access the session object even session has been expired? I need to check whether session is expired or not for each request.The session invalidation is set null the session object. What I concluded, session time out I can access session object but session invalidation I can not access session object. How can I find the session time out by using session object?
View Replies View RelatedI have 2 war in 1 EAR.
War A corresponds to UI
War B corresponds to Rest
1) From War A, I login to the application and then fetch some users that is a rest call. I get the response back from rest in json form that ui consumes and display the data on page.
2) Now I click on the logout link from ui jsp. This logs out the session from Ui. I use <form data-dojo-type="dijit/form/Form" based logout.
3) I then go to the proxy (using burp) and manually request the rest call which I made in step no 1), the rest gives the response back with the same json object returned in step no 1) This shows that the logout action on step 2) is invalidated the session from War A (ui war) but the session or cookie based from WAR B (rest war) is not invalidated.
Expected outcome:After I Logout from War A(ui war), the session must also get invalidated from war B (rest war) and manually request from proxy should not get the same response object as received in step 1)
I am developing a e-commerce college project, here i add the items in the cart(a div tag in the jsp page) via servlet by creating sessions,
flow control: shopping jsp (when user wants to add an item in the cart) --> item servlet (which is used to create session and synchronized it) --> cart servlet(which is used to add items in the arraylist and show them in the shopping.jsp's div tag + it also sets the total purchase amount in the session variable "totalpurchase")
now after that user wants to proceed to checkout, here i use the onclick event to check the minimumshopping amount must be less than the totalpurchase (totalpurchase which i had setted in the session),but my jsp page is unable to rechognise the updated value of the totalpurchase, yes, if i reload the page, it rechognises the new updated value of the totalpurchase? but i want it to rechognise the updated total purchase value, without reloading he jsp page..
My dynamic web project has a java class that captures a session variable with the following code.
HttpSession LoginSession = request.getSession();
String VAR = LoginSession.getAttribute("myVar").toString(); //This is the row 127
If i test the app in local (Mac + Java 1.8 + Tomcat 8) all works. In my remote cloud server (Ubuntu 14.10 + Java 1.8 + Tomcat 8) all works, except this class, that has this code. I copy the complete error here. Note that the row 127 of the error message is the second row of the previous code; and, if i comment this row with // and assign a fix variable all works. So, the problem is that 127^ row.
14-Dec-2014 08:15:23.923 SEVERE [http-nio-8080-exec-14] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [srvNavigation.SrvPT] in context with path [/myapp] threw exception
java.lang.NullPointerException
at srvNavigation.SrvPT.doGet(SrvPT.java:127)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:618)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
[Code] ....
How can i solve the problem?
i have file index.jsp , that approach to reguar java class and call function . in that function i want to get attribute from session like this :
List<Coupon> couponsList = (List<Coupon>)request.getSession().getAttribute("listOfCouponsThatNotExpired");
because this regular java class i get error message ,how to solve this ?
I want to implement session timeout functionality ...so with web.xml file i can specify session timeout ..say 30 min.. Now with filter is it possible for me to redirect the request to login page after session is timeout say after 30 min... What are the other ways...??
Also i want to know whether timeout setting in web.xml will overweight the application server timeout ... I am using struts 1.0 and hibernate...
Write a java program that will ask a user to input grades until the user inputs the sentinel value -1. The program should test each input to determine whether 0<=grade<=100. If the grade entered is within this range, the program should print "Grade accepted;" if not, the program should print "Invalid input".
View Replies View RelatedModify the program in Assign4 to synchronize access to the instance variable, balance. Save the program as SyncBank.java. Because balance is a double and not an object, it cannot be used as the monitor. Use synchronized methods or synchronized blocks of code as appropriate. Simultaneously test two threads as was done in Assign4. Because the threads can complete too quickly to determine if they are interfering with each other, delay the adding of a deposit by inserting the following code within the synchronized block or method:
try {
Thread.currentThread().sleep(10000); //sleep for milliseconds
}
catch(InterruptedException e) {
}
My code attempt so far:
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;
import java.net.*;
import java.text.DecimalFormat;
public class SyncBank extends HttpServlet //throws ServletException, IOException
[Code] .....
I am absolutely new to Java. I am creating a Servlet and getting the error interface is expected here.
I am using IntelliJ 14.
My Servlet code is as follows:-
package ERPdetector;
import javax.servlet.http.*;
import javax.servlet.*;
import java.io.*;
public class ErpServlet implements HttpServlet {
[Code] ....
Using Eclipse I have imported a WAR with source. I have exported that project as a new war and it ran fine. I then added my own package and exported the war again. The jar file does not show up in /WEB-INF/lib folder. When I deploy the war on a tomcat server it barfs the following error:
Caused by: org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [com.sharpline.fields.form.fields.TextAreaFormType] for bean with name 'com.sharpline.fields.form.fields.TextAreaFormType#53c37' defined in ServletContext resource [WEB-INF/activiti-standalone-context.xml]; nested exception is java.lang.ClassNotFoundException:
[Code] .....
It looks to me like my class (jar) is missing in the final war. How do I resolve this?
Actually I am working on java ee6 web application i tried to set value and max age for the cookie...but I was unable to set maxage what ever the max age value i give .it shows as -1.but my browser accepts and stores cookie.
<i>
"
Cookie sa=new Cookie("ssample", "welcome");
sa.setMaxAge(120);
response.addCookie(sa);
"</i>
using HttpServlet methods. What I want to do is to delay an HttpServletResponse. I set up some response.setHeader but then I want to wait a while after setting other values as the length of data to send and the content itself.
I tried to do that in 2 ways:
1. by using Thread.sleep() - in this case even with sleep of 100 ms the response seems to be lost.
2. by response.wait(TIME) - in this case it will never reach the block after wait, whatever TIME value I use.