I've written an application with a custom login system, and then written my own security filter for it which sets the area that can be accessed. Yet I always get redirected to the login page and then to the index page, which is the logged-in home page. I have discovered that the session ID is different from when I log in to when I try to use something that is restricted. Here is my code:
    public class securtityFilter implements Filter {
        public void init(FilterConfig filterConfig) throws ServletException {
            //To change body of implemented methods use File | Settings | File Templates.
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) servletRequest;
            // if there is no userBean, then they have not gone through
            // the login, so kick them to the login page
            if(null==req.getSession().getAttribute("username"))
            {
                ((HttpServletResponse)servletResponse).sendRedirect("../Login.jsp");
                System.out.println("Redirected - No session");
            }
            // otherwise, let them go to the page/resource they want
            filterChain.doFilter(servletRequest, servletResponse);
            System.out.println("Gone through Filter");
            // System.out.println("In Filter Servlet: "+ req.getSession().getId());
        }

        public void destroy() {
            //To change body of implemented methods use File | Settings | File Templates.
        }
    }
Here is my web.xml file:
    <filter>
        <filter-name>SecurityFilter</filter-name>
        <filter-class>filters.securtityFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SecurityFilter</filter-name>
        <url-pattern>/add/*</url-pattern>
    </filter-mapping>
Try changing
    if(null==req.getSession().getAttribute("username"))

to

    HttpSession ses = req.getSession(false); // null if no current
    if(null == ses ||
       null == ses.getAttribute("username"))
so that it never creates a new session inside your filter. Let the login page create the sessions.
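A complete filter built on the change suggested above, as an added example that is not part of the original answer or the asker's code: it looks up the session with `getSession(false)` and also returns right after the redirect, since in the posted filter `filterChain.doFilter` still runs after `sendRedirect`, so the restricted resource executes even for a request that was just redirected. The class name `HardenedSecurityFilter`, the `javax.servlet` namespace, and `Login.jsp` sitting at the web application root are assumptions.

```java
package filters;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (hypothetical class name), not the asker's filter.
public class HardenedSecurityFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration needed for this example.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // getSession(false) returns null instead of creating a fresh, empty
        // session, so the filter never issues a new session ID itself.
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("username") != null;

        if (!loggedIn) {
            // Assumption: Login.jsp lives at the web application root. An
            // absolute path avoids depending on the depth of the requested URL.
            res.sendRedirect(req.getContextPath() + "/Login.jsp");
            return; // stop here: the protected resource must not run
        }

        // Authenticated: let the request reach the page/resource it asked for.
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

To try it, point `<filter-class>` in `web.xml` at `filters.HardenedSecurityFilter`; the `/add/*` mapping stays the same.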
In your login servlet you have
    while (rs.next())
    {
        HttpSession session = request.getSession(true);
        String tmp = rs.getString(1);
        System.out.println(tmp);
        session.setAttribute("username", tmp);
        count++;
    }
So if you have no username attribute in your session, it is because this code block is not being executed. I assume that you are looping through the results of a database query, so check whether the actual query that you are executing returns any results.