Http Session for unauthenticated application

Question

I am implementing one web application which is sort of unauthenticated for new user, and it will be used by another web app i.e. not used directly by end user, but the parent web app is not in my control. So through my web app new user can buy the product than he want by giving his personal, contact details, and I am implementing session management for it.

So I have implemented this in below way, and wants to now your suggestion to make it better.

1). Once the parent web app redirects to my web app url, i am invoking the two servlets(due to framework structure).

• First servlet, will Removing the older object of myUser from HttpSession if there is any.(as there is not any logout in my application, and read that onbeforeunload is not reliable) and it also removes the myUser object from the Threadlocal (that i have implemented to maintain the state of each and every thread separately).

• After that, second servlet is creating new object and binding it with an HttpSession, and using that session to save the intermittent data of user for interrelated services.

And I know that each service method of the servlet runs in seperate thread, so hoping that one session will not interfere with another, as this will be one per browser, due to uniqueness of session id, Please correct me if I am wrong

Answer 1

You can use a servlet filter which will do the job of Serlvet1 i.e.,

Removing the older object of myUser from HttpSession if there is any.(as there is not any logout in my application, and read that onbeforeunload is not reliable) and it also removes the myUser object from the Threadlocal (that i have implemented to maintain the state of each and every thread separately).

The legacy application will redirect to your Servlet 2 which will have the servlet filter configured.

By adding a servlet filter, the control will first reach your servlet filter wherein you perform the logic of user session removal and pass the control to servlet2