0

Hi!

I am testing the "session" object and I don't know why it is losing data when I change the web page. I created a simple software to show the problem:

See the code:

Page index.jsp:

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Login</title>
    </head>
    <body>
        <form action="" method="post">
        <fieldset title="Login">
            <p>
                Login <input type="text" alt="Login" name="login" maxlength="20" value="" />
            </p>
            <p>
                Password <input type="text" alt="Password" name="pass" maxlength="20" value="" />
            </p>
            <p>
                 <input type="submit" value="Send" name="btnSend" />
            </p>

            <%
                if((request.getParameter("login")!=null)&&
                   (request.getParameter("pass")!=null))
                {
                   String us = request.getParameter("login") + 
                           request.getParameter("pass");

                   if(us.equals("aaa123"))
                   {
                       session.setAttribute("user", us);
                       session.setMaxInactiveInterval(300); // 5 minutes.
                       response.sendRedirect("listContacts.jsp");
                   }
                   else {
                       us = null;
                       session.setAttribute("user",us);
                       out.println("Type login and password.");
                   }
                }
             %>
        </fieldset>
        </form>
    </body>
</html>

When user puts the correct data in the page "index.jsp" he is redirected to the page "listContacts.jsp".

Page listContacts.jsp:

<%@page contentType="text/html" pageEncoding="ISO-8859-9"%>
<%
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma","no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0);    

String usSession =(String) session.getAttribute("user");
if(usSession==null || usSession==""){
    response.sendRedirect("index.jsp");
}
%>
<!DOCTYPE HTML>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Show Contacts</title>
    </head>
    <body>
        <%
            String usLogged = (String) session.getAttribute("user");
            if (usLogged != null) {
        %>
            <fieldset style="text-align: right;">
                <p>
                    User Logged: User
                    <a href="index.jsp" id="btnLogout" onclick="<%session.invalidate();%>">Logout</a>
                </p>
            </fieldset>
        <%
            }
        %>        
        <h1>Contacts List</h1>
        <p>Contact A</p>
        <p>Contact B</p>
        <p>Contact C</p>
        <p>Contact D</p>
        <p>Contact E</p>
        <br />
        <p><a href="listContacts2.jsp">Contacts List 2</a></p>
    </body>
</html>

In the page "listContacts.jsp" (above) there is a link that, when clicked, send user to page "listContacts2.jsp". Here is the problem, because, when the user click in this link, the "listContacts2.jsp" page is called but, in this moment, the session object has no value. And I don't know why the session object is empty at this moment!!! How the session object is empty, the user is redirected to page "index.jsp" again.

Page listContacts2.jsp:

<%@page contentType="text/html" pageEncoding="ISO-8859-9"%>
<%
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0);    

String usSession =(String) session.getAttribute("user");
if(usSession==null || usSession==""){
    response.sendRedirect("index.jsp");
}
%>
<!DOCTYPE HTML>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Show Conctacts 2</title>
    </head>
    <body>
        <%
            String usLogged = (String) session.getAttribute("user");
            if (usLogged != null) {
        %>
            <fieldset style="text-align: right;">
                <p>
                    User Logged: User
                    <a href="index.jsp" id="btnLogout" onclick="<%session.invalidate();%>">Logout</a>
                </p>
            </fieldset>
        <%
            }
        %>        
        <h1>Contacts List 2</h1>
        <p>Contact F</p>
        <p>Contact G</p>
        <p>Contact H</p>
        <p>Contact I</p>
        <p>Contact J</p>
        <br />
        <p><a href="listContacts.jsp">Contacts List</a></p>
    </body>
</html>

If anyone can help me, I'll be grateful.

Edwar Saliba Júnior

Edited by eddiesaliba: Wrong word.

2
Contributors
2
Replies
9
Views
4 Years
Discussion Span
Last Post by eddiesaliba
1

I believe it is your logout button.

<a href="index.jsp" id="btnLogout" onclick="<%session.invalidate();%>">Logout</a>

It is a while since I've worked in jsp, so someone may correct me, but I believe this is executing the session.invalidate() function and printing the result into the javascript onclick call. You are not able to use javascript events to call server side functions in this way.

To test if this is correct, remove temporarily remove the logout button (or at least the call to session.invalidate) and try to run the page again.

Have a look at this post or google for how to call server side code from a hyperlink. But I think you will have to post the request to the server in order to achieve the functionality you require. I don't believe it can be done inline as you are trying to do.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.