Java Answers Forum - Session Tracking

Articles |
News |
Weblogs |
Books |
Forums

Artima Forums | Articles | Weblogs | Java Answers | News

Sponsored Link •

Java Answers Forum
Session Tracking

2 replies on 1 page. Most recent reply: Oct 23, 2003 2:19 PM by Joe Parks

Welcome Guest
Sign In

Back to Topic List

Reply to this Topic

Search Forum

Threaded View


Previous Topic		Next Topic

Flat View: This topic has 2 replies on 1 page

Dar

Posts: 9
Nickname: dar
Registered: Oct, 2003

Session Tracking

Posted: Oct 23, 2003 1:32 PM

I'm using Session objects in my JSP pages to keep track of which user's are administrators and which user's are not. I retrieve the user's Windows NT login, run a query against one of my database tables to see if the user is an admin, and if they are, then the appropriate admin buttons are provided.

If the user's login is in my table, the session object works fine and displays the appropriate name that I assign to it. However, if the user's login is not in my table, the Session object should display a default name that I've specified for it. But it doesn't do that. Instead, it shows the name of the person who accessed the site last whose login is in my table. Why is that? Below is the code I have so far:

<%
logon = request.getRemoteUser();

session = request.getSession(true);

try {
Class.forName("oracle.jdbc.driver.OracleDriver");

} catch(ClassNotFoundException cnfe) {

System.err.println("Error Loading Driver: " + cnfe);
}

adminQuery = "Select fname, lname, isadmin FROM AJM.Personnel WHERE UPPER(logonID) = UPPER('" + logon + "')";

try {

Connection conn = DriverManager.getConnection("jdbc:oracle:thin:@my DataBase on the network");
Statement st = conn.createStatement();
ResultSet rs = st.executeQuery(adminQuery);

if (rs == null) {
fullName = "MEDS User";
adminyesno = "no";
session.setAttribute("name", fullName);
session.setAttribute("isadmin", adminyesno);
}//end if

else {

while (rs.next()) {

firstName = (String)rs.getString("fname");
lastName = (String)rs.getString("lname");
adminyesno = (String)rs.getString("isadmin");

}//end while

fullName = firstName + " " + lastName;
session.setAttribute("name", fullName);
session.setAttribute("isadmin", adminyesno);

}//end else

}//try

catch(SQLException sqle){
System.err.println("Error Connecting to DB: " + sqle);
}

response.sendRedirect("MEDS_index.jsp");

%>

Jonathon Brozny

Posts: 24
Nickname: jonathon
Registered: Oct, 2003

Re: Session Tracking

Posted: Oct 23, 2003 2:01 PM

The problem is that you have, if(rs == null), It is never going to be null if you get a record back or not. Then you go to the else side, and if there is no record it never enters the while statement. I would try somethin like..

ResultSet rs = st.executeQuery(adminQuery);
 
if (rs.next()) {
   firstName = (String)rs.getString("fname");
   lastName = (String)rs.getString("lname");
   adminyesno = (String)rs.getString("isadmin");
   fullName = firstName + " " + lastName;
}
else {
   fullName = "Meds User";
   adminyesno = "no";
}
session.setAttribute("name", fullName);
session.setAttribute("isadmin", adminyesno);

Joe Parks

Posts: 107
Nickname: joeparks
Registered: Aug, 2003

Re: Session Tracking

Posted: Oct 23, 2003 2:19 PM

Where are the Strings being declared? in something like <%! String firstName = null; %> ? I forget the actual syntax, but you probably see it in your code.

If so, then they are instance variables of the JSP/servlet. Every user will hit the same instance of the servlet. That's the way servlets/JSPs work; there is only one instance per JVM.

So, once someone logs in successfully, his or her name will be displayed until the next successful login (because your code is only updating the values upon successful login--due the null check that Jonathon pointed out).

Flat View: This topic has 2 replies on 1 page

Previous Topic

Next Topic


	Web Artima.com