Very basic question. I have a portal containing several servlets, one of which takes care of logging in (but only as an admin). How do I use HttpSessions between Servlets to know if the admin is signed in?
Thanks in advance!
Add a comment
|
3 Answers
Whenever your admin users signs in put something like session.setAttribute("admin","true");
check this as session.getAttribute("admin") to see if admin is logged in
Comments
set an attribute in session
session.setAttribute("isAdmin",true OR false);
At the login time decide the user type and set it.
Comments
I'd store the complete user object in the session.
http://download.oracle.com/javaee/1.3/api/javax/servlet/http/HttpServletRequest.html#getSession()
You can gain access to the session through this method. If you store the whole user in the session (or the user-id from your database), you can implement a more refined, role-based access later on as your application grows.
greetings
3 Comments
sapientpants
That's not generally a good idea as you'll have to make sure the object remains in sync with what's in the DB yourself. Usually one is better off just storing the id in the session and retrieving it as needed. A straight primary key query will hit the cache and not load the DB, and the cache should be integrated with the persistence framework to ensure the returned object is up to date.
sapientpants
Not to mention it's more data to push between nodes if you're in a clustered configuration.
chzbrgla
yeah i meant to say he should store the user as a whole object, referenced by the id .. couldn't quite express myself there :D