maintain session after login

I have this web site that allows both guest and member to visit. The entry URL is public, which allows both guest and member to enter without login require. HttpSession as soon as they came in the site. So guest and member alike can move freely within the non-member only section of the site. When someone click on a member only link, a pop-up login window (in JSP) will ask for the member login information (username & password - they are stored in a database table, can easily do SQL lookup to verfiy).

What I want to know is, say if someone has interest a product (i.e. shoes) and click "buy" to indicate they want to purchase the item. the pop-up login screen appears. after a successful login, I want to make sure some variables get pass to the next page (from before login to after login)? how can I do that?

thanks

[853 byte] By [ku916a] at [2007-9-19]

«« Using Swing with Java Beans
»» Database String & encoding

# 1

Is the session object not working for you? Are you implementing some special security features such as WebSphere secured pages?

jwyatta at 2007-7-8 >

top of java,Enterprise & Remote Computing,Web Tier APIs...

# 2

U need to store the id & password in session when a user is auntenticated . When user clicks on "buy", just check up if the session object exists .If exits, then proceed, else login screen sud appear

preeti_ka at 2007-7-8 >

# 3

It may not be as easy as that. If WebSphere's security mechanism or another similar is involved the old "unsecured" session is invalidated once the login is invoked and "secured" pages requested.

jwyatta at 2007-7-8 >

# 4

If an user (not logged on) clicks buy, forward the request to the login page and store the request object in the session.

When the User submits his/her credentials, validate it, then you can process the peviously stored request object from the session (which has all the information user sent while "buying the item" ). Clear the request object from the session and proceed.

Hope this may help you....!

johnvinoda at 2007-7-8 >

# 5

now that I've more time to think through this, I can break it down to 3 states (1. pre-login, 2. login validation & 3 post-login)

For each stages

1. store session objects (i.e. purchasing product)

2. pass the product session object from 1 screen (pre-login) - 2 (login) screen

if login info invalidates, then print error msg on 2 (login) screen

if login info validates, pass the product session objects to 3 (post-login) and close 2

3. get the session object and proceed.

if the above are logically sounds, then I've to ask

1. is it necessary to pass the sesion object to 2 before getting to 3? the reason is that there are many places on the site where login will be asked, buy, check order, change profile, etc... and they all have different session objects based on the business function. So the combinations of where the object came from and the object itself will drive which 3 (pre-login) page will appear, correct?

thanks

ku916a at 2007-7-8 >

Codefund.Com Java Programmer Resources including(FAQ) Tutorial based around objectives, Mock Exam, Demo Applets illustrating language points, created by a Sun Certified Java Programmer.

maintain session after login

Enterprise & Remote Computing Hot Topic

Enterprise & Remote Computing

Site Classified