Pawan

Reputation: 32331

Why the session attribute is coming as null

A HTML5 UI is connected to the backend (REST Jersey to business logic to Hibernate and DB). I need to create and maintain a session for each user login until the user logs out.

I am clueless on how to approach this problem.

I followed this approach

Initially, when the user successfully logs in, I am setting an attribute on the session as shown below:

    HttpSession session = request.getSession(true);
    session.setAttribute("islogged", "islogged");
    String value = (String) session.getAttribute("islogged");
    System.out.println("****************** The User Logged in Value: " + value);

Later, in a different page, I am checking whether the user is logged in this way:

    // request is the injected javax.servlet.http.HttpServletRequest (e.g. via @Context)
    public String checkIfUserLoggedIn() throws JSONException, ClassNotFoundException, SQLException
    {
        HttpSession session = request.getSession();
        String value = (String) session.getAttribute("islogged");

        if (value == null)
        {
            // it always ends up here
        }
        return value;
    }

Upvotes: 1

Views: 1332

Answers (2)

jeorfevre

Reputation: 2316

I agree with francesco foresti: please do not rely on the HTTP session without auth. This is unsafe, and quite dangerous for your app.

Have you been implementing a specific session mechanism? If not, Jersey as it is will not store session data as such. Every call that you make will give you a session id that is different from yours. You have to implement authentication & use the auth token in order to identify your session.

  1. Use JAX-RS. Please do use an auth mechanism as defined here: https://jersey.java.net/documentation/latest/security.html

    @Path("authentication")
    @Singleton
    public static class MyResource {
        // Jersey will inject proxy of Security Context
        @Context
        SecurityContext securityContext;
    
        @GET
        public String getUserPrincipal() {
            return securityContext.getUserPrincipal().getName();
        }
    }
    
  2. Or use another framework: Spring, Shiro, etc. I really prefer that solution, since another framework will implement a lot of stuff for you. You gain a lot of time doing so.

Please take a look at the official Jersey doc: https://jersey.java.net/documentation/latest/index.html

Upvotes: 2

francesco foresti

Reputation: 2043

I wouldn't rely on the HTTP session. My approach would be to put an "Authorization" field in the header of the response that the server returns when the user logs in, and ask the user to put the very same header in each subsequent call. In this header you put the information that helps the server find the identity of the user (take a look at what Twitter does as an example: https://dev.twitter.com/oauth/overview/authorizing-requests). The server could save the information about the logged-in user in the database, or you could create a Map in a Singleton that would serve as the "authorization gatekeeper" for your services.

Upvotes: 0
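As an added example (not code from either answer, and not Jersey's own): a JAX-RS ContainerRequestFilter that implements the Authorization-header design from this answer and populates the SecurityContext that jeorfevre's resource reads via @Context. TokenStore, TokenAuthFilter and the "login" path prefix are hypothetical names; the token map is in-memory, so tokens vanish on restart and should get an expiry in real use.

```java
import java.io.IOException;
import java.security.Principal;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

/** Hypothetical token store: the "Map in a Singleton" acting as authorization gatekeeper. */
final class TokenStore {
    private static final ConcurrentHashMap<String, String> TOKENS = new ConcurrentHashMap<>(); // token -> user
    private static final SecureRandom RNG = new SecureRandom();

    /** Called by the login resource after the password check; the result goes in the Authorization header. */
    static String issue(String username) {
        byte[] raw = new byte[32];                       // 256 random bits: not guessable like "islogged"
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        TOKENS.put(token, username);
        return token;
    }
    static String userFor(String token) { return TOKENS.get(token); }
    static void revoke(String token)    { TOKENS.remove(token); }   // logout invalidates the token
}

/** Runs before every resource method, replacing the HttpSession check from the question. */
@Provider
@Priority(Priorities.AUTHENTICATION)
public class TokenAuthFilter implements ContainerRequestFilter {
    @Override
    public void filter(ContainerRequestContext ctx) throws IOException {
        if (ctx.getUriInfo().getPath().startsWith("login")) return;    // login itself needs no token
        String header = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
        String user = (header != null && header.startsWith("Bearer "))
                ? TokenStore.userFor(header.substring("Bearer ".length())) : null;
        if (user == null) {                                          // missing, unknown or revoked token
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        final Principal principal = () -> user;
        ctx.setSecurityContext(new SecurityContext() {   // now @Context SecurityContext works in resources
            public Principal getUserPrincipal() { return principal; }
            public boolean isUserInRole(String role) { return false; }
            public boolean isSecure() { return "https".equalsIgnoreCase(ctx.getUriInfo().getRequestUri().getScheme()); }
            public String getAuthenticationScheme() { return "Bearer"; }
        });
    }
}
```

The client keeps the token from the login response and sends `Authorization: Bearer <token>` on every call, so no cookie or server-side HttpSession is involved.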
