New to JSP!

Hi there,

1) Could you please explain a bit more about what you mean by protecting JSP pages ?

Can you show some code examples of what you mean?

Static HTML pages can't have programming logic.

2) A session is an HTTP Object, that's why it's called HttpSession - in your JSP page if you specify session="true" , or leave it out (by default it's true) , then when you access your JSP page with your browser like Internet Explorer or Firefox , it creates an HttpSession .

By default all JSP pages have the session object (unless session="false" is specified in a particular JSP page)

You can write code like this

<%

session.setAttribute("someAttribute", "Some String Object");

%>

to set a value into the JSP page's session object.

then you can write code like this

<%

session.getAttribute("someAttribute");

%>

to retrieve the value stored in "someAttribute" , you can store any Object inside the HttpSession.

Also the HttpSession from one JSP page is visible in another JSP page.

- A session becomes invalid after some duration of browser inactivity. You can increase the inactive interval if you want.

- HttpSession will not work if the page gets cached by the browser, so if you are using sessions then prevent pages from being cached by the browser.

- You can remove an attribute from session with

<%

session.removeAttribute("attributeName");

%>

Many other methods are supported, see this API for details:

http://java.sun.com/javaee/5/docs/api/ , on the left hand side look for HttpSession and click on it.

appy77a at 2007-7-10 >