|
Sorry it is not clear enough but it's such a strange behaviour and rather difficult to describe. I'll try to clarify myself: WAS level: WAS 3.5.6 The first HTML-page launches a login.class which is authenticated. This forces WAS to send/request authentication info (when user isn't already logged in through another application). The login.class also creates a new HTTP-session in which I want to keep 'default-info'. Next step should be the launch of the 'controller.servlet' which i tried directly from the 'login.class'. 2 reason's why this 'controller.servlet' executes these statements: session = req.getSession(true); id = session.getId(); if (session.isNew()) ... 1) Because the 'controller.servlet' needs the 'default-info' (and that's the way to retrieve the session-info) 2) Because I can check if session is still valid (ex. timeout occurred) I don't know why 'session.isNew()' returns 'true' while one could see in std-out that session-id is still the same... Stangly, when jsp1 is launched first then it works! So, this alway's works: Html ==> Loginid ==> jsp1 ==> controller.servlet ==> jsp1 or jsp2 (depending on action) This never works: Html ==> Loginid ==> controller.servlet ==> jsp1 or jsp2 (depending on action) Problem: When a user is authenticated before (ex. as guest for another application), he could try to launch the application using URL (when he knows it). When jsp1 is loaded first, het gets a screen to fill in first and receives an error when executing controller.servlet Otherwise, when controller.servlet is loaded first, he gets an error immediatly. Patrick Goovaerts pgoovaerts@pandora.be TEL: 0032-3-6472715 GSM:0498610325 -----Oorspronkelijk bericht----- Van: java400-l-admin@midrange.com [mailto:java400-l-admin@midrange.com] Namens Art Smet Verzonden: maandag 5 augustus 2002 16:55 Aan: java400-l@midrange.com Onderwerp: Re: HttpSession - problem -- -- [ Picked text/plain from multipart/alternative ] What WAS level? When I read the description on how it should work, I see submit 'login. class' creates a new 'session'. But in the problem description, after submitting 'login.class', having a new 'session' is considered abnormal. Can you clarify. I've seen a similar authentication flow, but instead of a .forward( ) to the controller.class a SendRedirect was used, that may be one change you can try to see if it helps. Does your stdout/stderr show any evidence of errors, I'm suspecting there may be an error that mentions 'anonymous' as part of the text. |---------+----------------------------> | | P. | | | Goovaerts@Clipper| | | .Be | | | Sent by: java400-| | | l-admin@midrange.| | | com | | | | | | | | | 08/05/02 04:15 AM| | | Please respond to| | | java400-l | | | | |---------+----------------------------> >----------------------------------------------------------------------- ------------------------------------------------| | | | To: web400@midrange.com, <java400-l@midrange.com> | | cc: java400-l@midrange.com, java400@midrange.com | | Subject: HttpSession - problem | | | | | >----------------------------------------------------------------------- ------------------------------------------------| I hope one can help me with this tricky problem: I have a WebApp which is running under 'Basic Authentication' and has following objects: - index.html - login.class - controller.class - databean.class - jsp1.jsp - jsp2.jsp - error.jsp it should work as follows: - index launched - form submit 'login.class' with 2 parms: parm1, parm2 (value=controller.class) - basic authentication is activated (userid/password is asked and entered) - create new 'session' - gets default uservalues from AS400 - stores default uservalues in session - redirects to parm2 (controller.class) ==> getServletConfig(). getServletContext(). getRequestDispatcher(controller.class). forward(req, res); - controller class loaded - retrieves 'sessionvalues' - detects which jsp to load - loads jsp1.jsp - jsp1.jsp loaded - values changed - loads controller.class - controller class activated - retrieves 'sessionvalues' - detects which jsp to load - updates databean.class - loads jsp2.jsp etc... The controller's work is retrieving sessionvalues, updates beans, launch jsp's. When session-timeout occurs, error.jsp is returned. Problemdescription: When I submit the 'login.class' with parm2=controller.class, the 'session' is considdered as 'new'??? I use the following to retrieve the sessioninfo: session = req.getSession(true); id = session.getId(); if (session.isNew()) In normal situations, the session should get a 'false' on 'if (session.isNew())' but it always returns 'true'. However, when I check the sessionid, it is always the same!!! When I change parm2 in 'jsp1.jsp', I do not get this strange behaviour... The jsp is loaded, this form submits the controller which detects the correct session (session.isNew() = false) and loads jsp2.jsp. Here's an extract of debugginginfo printerd to 'std_out' where you can see that sessionid doesn't change... -------------------------------------------------------- P4CGZHTYKSKYUEBFEKP3OAY ConnectionHolder(clipper): New ConnectionHolder generated with : P4CGZHTYKSKYUEBFEKP3OAY setAutoCommit=false P4CGZHTYKSKYUEBFEKP3OAY setTransactionIsolation=1 P4CGZHTYKSKYUEBFEKP3OAY at :Mon Aug 05 10:41:03 GMT+02:00 2002 P4CGZHTYKSKYUEBFEKP3OAY************************************************* ******************************* P4CGZHTYKSKYUEBFEKP3OAYSessioninformation at: SLoginUser_doGet P4CGZHTYKSKYUEBFEKP3OAY Parameter Information P4CGZHTYKSKYUEBFEKP3OAY Parm company: R P4CGZHTYKSKYUEBFEKP3OAY Parm program: FQController P4CGZHTYKSKYUEBFEKP3OAY Server Information P4CGZHTYKSKYUEBFEKP3OAY req.getServerName() : "10.0.0.161" P4CGZHTYKSKYUEBFEKP3OAY req.getServerPort() : "2032" P4CGZHTYKSKYUEBFEKP3OAY req.getRemoteUser() : "pgo" P4CGZHTYKSKYUEBFEKP3OAY req.getAuthType() : "Basic" P4CGZHTYKSKYUEBFEKP3OAY req.getRequestURI() : "/FreightQuotations/SLoginUser" P4CGZHTYKSKYUEBFEKP3OAY req.getClass() : "class com.ibm.servlet.engine.webapp.WebAppDispatcherRequest" P4CGZHTYKSKYUEBFEKP3OAY req.getPathInfo() : "null" P4CGZHTYKSKYUEBFEKP3OAY req.getPathTranslated() : "null" P4CGZHTYKSKYUEBFEKP3OAY req.getServletPath() : "/SLoginUser" P4CGZHTYKSKYUEBFEKP3OAY HttpUtils.getRequestURL(req) : " http://10.0.0.161:2032/FreightQuotations/SLoginUser" P4CGZHTYKSKYUEBFEKP3OAY Request Attributes: P4CGZHTYKSKYUEBFEKP3OAY Attribute com.ibm.websphere.olt.include.bool: false P4CGZHTYKSKYUEBFEKP3OAY Attribute com.ibm.websphere.current_uri: /SLoginUser P4CGZHTYKSKYUEBFEKP3OAY Attribute com.ibm.websphere.olt.forward.request: SLoginUser P4CGZHTYKSKYUEBFEKP3OAY Attribute com.ibm.websphere.request_url: http://10.0.0.161:2032/FreightQuotations/SLoginUser P4CGZHTYKSKYUEBFEKP3OAY HTTP-session Information P4CGZHTYKSKYUEBFEKP3OAY Session ID: P4CGZHTYKSKYUEBFEKP3OAY P4CGZHTYKSKYUEBFEKP3OAY Session Max.Inactive Interval: 1800 P4CGZHTYKSKYUEBFEKP3OAY Session Created: 1028536862652 P4CGZHTYKSKYUEBFEKP3OAY Session Last Accessed: -1 P4CGZHTYKSKYUEBFEKP3OAY Session Values: P4CGZHTYKSKYUEBFEKP3OAY 0. sessionid.logoncompany: R P4CGZHTYKSKYUEBFEKP3OAY 1. sessionid.logonusername: pgo P4CGZHTYKSKYUEBFEKP3OAY 2. sessionid.logonpassword: serverauthorized P4CGZHTYKSKYUEBFEKP3OAY 3. sessionid.connection: com.clipper.tools.ConnectionHolder@896f1e68 P4CGZHTYKSKYUEBFEKP3OAYSLoginUser_doGetprocessing... P4CGZHTYKSKYUEBFEKP3OAY************************************************* ******************************* P4CGZHTYKSKYUEBFEKP3OAY SLoginUser_doGet: Homepage is shown P4CGZHTYKSKYUEBFEKP3OAY SLoginUser_doGet: User pgo with userprofile C3DPAD Logged in successfully for Company:R Menus Menus.getAllMenus(Connection, String, String): executed with following parameters : Company : R UserType : P Menus Menus.getAllMenus(Connection, String, String): Retrieving records with: R P Menus Menus.getAllMenus(Connection, String, String): 1 records retrieved with: R P Menus Menus.getAllMenus(Connection, String, String): executed with following parameters : Company : R UserType : C Menus Menus.getAllMenus(Connection, String, String): Retrieving records with: R C Menus Menus.getAllMenus(Connection, String, String): No records found with: R C Menus Menus.getAllMenus(Connection, String, String): 0 records retrieved with: R C Menus Menus.getAllMenus(Connection, String, String): executed with following parameters : Company : R UserType : A Menus Menus.getAllMenus(Connection, String, String): Retrieving records with: R A Menus Menus.getAllMenus(Connection, String, String): 1 records retrieved with: R A Menus Menus.getAllMenus(Connection, String, String): executed with following parameters : Company : R UserType : O Menus Menus.getAllMenus(Connection, String, String): Retrieving records with: R O Menus Menus.getAllMenus(Connection, String, String): 5 records retrieved with: R O Menus Menus.getAllMenus(Connection, String, String): executed with following parameters : Company : R UserType : E Menus Menus.getAllMenus(Connection, String, String): Retrieving records with: R E Menus Menus.getAllMenus(Connection, String, String): 4 records retrieved with: R E P4CGZHTYKSKYUEBFEKP3OAY SLoginUser_doGet: New Session Values: P4CGZHTYKSKYUEBFEKP3OAY 1. sessionid.logoncompany: R P4CGZHTYKSKYUEBFEKP3OAY 2. Menu: [com.clipper.model.Menu@818c9e68, com.clipper.model.Menu@998f1e68, com.clipper.model.Menu@956d1e68, com.clipper.model.Menu@91c39e68, com.clipper.model.Menu@91429e68, com.clipper.model.Menu@90c19e68, com.clipper.model.Menu@6c0f9e68, com.clipper.model.Menu@6f5c1e68, com.clipper.model.Menu@68bb1e68, com.clipper.model.Menu@6a319e68, com.clipper.model.Menu@652a9e68] P4CGZHTYKSKYUEBFEKP3OAY 3. MenuPublic: [com.clipper.model.Menu@818c9e68] P4CGZHTYKSKYUEBFEKP3OAY 4. MenuOwner: [com.clipper.model.Menu@956d1e68, com.clipper.model.Menu@91c39e68, com.clipper.model.Menu@91429e68, com.clipper.model.Menu@90c19e68, com.clipper.model.Menu@6c0f9e68] P4CGZHTYKSKYUEBFEKP3OAY 5. MenuAgent: [com.clipper.model.Menu@998f1e68] P4CGZHTYKSKYUEBFEKP3OAY 6. sessionid.useremail: pgoovaerts@pandora.be P4CGZHTYKSKYUEBFEKP3OAY 7. MenuEdp: [com.clipper.model.Menu@6f5c1e68, com.clipper.model.Menu@68bb1e68, com.clipper.model.Menu@6a319e68, com.clipper.model.Menu@652a9e68] P4CGZHTYKSKYUEBFEKP3OAY 8. sessionid.useragencycode: * P4CGZHTYKSKYUEBFEKP3OAY 9. MenuClient: [] P4CGZHTYKSKYUEBFEKP3OAY 10. sessionid.logonusername: pgo P4CGZHTYKSKYUEBFEKP3OAY 11. sessionid.logonpassword: serverauthorized P4CGZHTYKSKYUEBFEKP3OAY 12. sessionid.usertype: E P4CGZHTYKSKYUEBFEKP3OAY 13. sessionid.username: pgo P4CGZHTYKSKYUEBFEKP3OAY 14. sessionid.connection: com.clipper.tools.ConnectionHolder@896f1e68 P4CGZHTYKSKYUEBFEKP3OAY SLoginUser_doGet: Page to process= FQController P4CGZHTYKSKYUEBFEKP3OAY FQController_doGet: Previous session had a Time-out P4CGZHTYKSKYUEBFEKP3OAY FQController_doGet: URL is now: errorsession.jsp Patrick Goovaerts WebMaster Clipper Support nv TEL : 0032 (0)3 5453991 GSM: 0498 610 325 WEB: www.conti7.be _______________________________________________ This is the Java Programming on and around the iSeries / AS400 (JAVA400-L) mailing list To post a message email: JAVA400-L@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/java400-l or email: JAVA400-L-request@midrange.com Before posting, please take a moment to review the archives at http://archive.midrange.com/java400-l. -- -- [ graycol.gif of type image/gif deleted ] -- [ ecblank.gif of type image/gif deleted ] -- [ pic05965.gif of type image/gif deleted ] -- _______________________________________________ This is the Java Programming on and around the iSeries / AS400 (JAVA400-L) mailing list To post a message email: JAVA400-L@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/java400-l or email: JAVA400-L-request@midrange.com Before posting, please take a moment to review the archives at http://archive.midrange.com/java400-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.