Login and Session Tracking with Servlet or EJBs
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Mike_Polin
Posted On:   Wednesday, May 2, 2001 02:56 PM

Hi all. I want to write an EC-app with a normal Login procedure. I use a servlet to communicate with client and some EJBs for business logik and DB access. 1) What is the "best practice" for this login? Schould i track the user session in servlet or in some (statefull?) session EJB? 2) I want to have it as flexible as possible, so are the cookies not the best choice, aren't they? 3) Should i use the separate LoginServlet or can i do everything in one MainServlet? How can i pass the info about user login (or session) between 2 servlets? 4) Could someone post (or odessit@gmx.de) some sample code of such a LoginServlet (or EJB) with session-tracking, that works? Or some links to such kind of information. (I've already seen a l   More>>

Hi all. I want to write an EC-app with a normal Login procedure. I use a servlet to communicate with client and some EJBs for business logik and DB access.
1) What is the "best practice" for this login? Schould i track the user session in servlet or in some (statefull?) session EJB?
2) I want to have it as flexible as possible, so are the cookies not the best choice, aren't they?
3) Should i use the separate LoginServlet or can i do everything in one MainServlet? How can i pass the info about user login (or session) between 2 servlets?
4) Could someone post (or odessit@gmx.de) some sample code of such a LoginServlet (or EJB) with session-tracking, that works? Or some links to such kind of information. (I've already seen a lot, but nothing of great value for me)
5) How to implement a kind of security (SSL?) in servlets or in EJBs? I've read, that this should work, but i couldn't found any samples or tutorials on this topic.
6) If I want to test my session tracking on my standalone Win2K PC, I open 2 IE-windows. But if I try to login in 2nd window as another user, I have the same session. Is there smth. wrong? Or is it a feature? When will the server do a new session? If the request comes from another IP? If I close the browser, the session will not be closed until timeout. How can I test this on my only PC?
Thanks a lot, any fedback is appresiated, as i'm relatively new to java, espessially the server-side of it.

   <<Less
About | Sitemap | Contact