-
Servlets and HttpSession
This is my first attempt at writing a servlet. I'm trying to create a simple login page that directs users to their account page where they can update their account details and such. However I'm getting the feeling that I'm not doing this right. Do I really need to use HttpSession here? If so, what should I be using it for besides storing their account name?
Also, how should I go about redirecting users who have edited their account details back to their account page?
Code:
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.*;

public class Main extends HttpServlet {
    public void doGet (HttpServletRequest r1, HttpServletResponse r2) throws IOException, ServletException {
        r2.setContentType ("text/html");
        PrintWriter p = r2.getWriter ();
        String sqluser = "root", sqlpass = "password";
        String account, password, request;
        request = r1.getParameter ("request");
        if (request == null) request = ""; // avoid a NullPointerException when the parameter is missing
        p.println ("<html>");
        p.println ("<head>");
        p.println ("<title>Main</title>");
        p.println ("</head>");
        p.println ("<body>");
        p.println ("<p>");
        /*
        user login
        */
        if (request.equals("login")) {
            account = r1.getParameter ("account");
            password = r1.getParameter ("password");
            //search for account and password matches in sql database -> resultset res
            if (res.next()==true) {
                HttpSession session = r1.getSession();
                session.setAttribute("logon.isDone", account);
                String firstname = res.getString("firstname");
                String lastname = res.getString("lastname");
                String address = res.getString("address");
                String province = res.getString("province");
                String city = res.getString("city");
                p.println ("<h2>logged in as:</h2>");
                p.println ("<b>account</b>: " +account+ "<br/>");
                p.println ("<b>first name</b>: " +firstname+ "<br/>");
                p.println ("<b>last name</b>: " +lastname+ "<br/>");
                p.println ("<b>address</b>: " +address+ "<br/>");
                p.println ("<b>province</b>: " +province+ "<br/>");
                p.println ("<b>city</b>: " +city+ "<br/>");
                p.println ("<b>session</b>: " +session.getAttribute("logon.isDone")+"-"+session.getId()+ "<br/>");
                p.println ("<form action='localhost:8080/servlet/Main' method='post'>");
                p.println ("<input type='hidden' name='account' value='"+account+"'>");
                p.println ("<input type='hidden' name='password' value='"+password+"'>");
                p.println ("<input type='hidden' name='firstname' value='"+firstname+"'>");
                p.println ("<input type='hidden' name='lastname' value='"+lastname+"'>");
                p.println ("<input type='hidden' name='address' value='"+address+"'>");
                p.println ("<input type='hidden' name='province' value='"+province+"'>");
                p.println ("<input type='hidden' name='city' value='"+city+"'>");
                p.println ("<p><input type='submit' value='edit details' name='request' size='10'><input type='submit' value='edit password' name='request' size='10'></p>");
                p.println ("<p><input type='submit' value='logout' name='request' size='10'></p>");
                p.println ("</form>");
            }
            else {
                p.println ("<h2>error: incorrect account name and/or password</h2><br/>");
            }
        }
        /*
        logout
        */
        else if (request.equals("logout")) {
            // the session variable from the login branch is out of scope here, so look it up again
            HttpSession session = r1.getSession(false);
            if (session != null) session.invalidate();
        }
        /*
        send account edit form
        */
        else if (request.equals("edit details")) {
            account = r1.getParameter ("account");
            password = r1.getParameter ("password");
            String firstname = r1.getParameter ("firstname");
            String lastname = r1.getParameter ("lastname");
            String address = r1.getParameter ("address");
            String province = r1.getParameter ("province");
            String city = r1.getParameter ("city");
            p.println ("<h2>edit account details:</h2>");
            p.println ("<form action='localhost:8080/servlet/Main' method='post'>");
            p.println ("<input type='hidden' name='account' value='"+account+"'>");
            p.println ("<input type='hidden' name='password' value='"+password+"'>");
            // value attributes are quoted so that values containing spaces are not truncated
            p.println ("<p>first name: <input type='text' name='firstname' value='"+firstname+"' size='20' maxlength='20'></p>");
            p.println ("<p>last name: <input type='text' name='lastname' value='"+lastname+"' size='20' maxlength='20'></p>");
            p.println ("<p>address: <input type='text' name='address' value='"+address+"' size='20' maxlength='20'></p>");
            p.println ("<p>province: <input type='text' name='province' value='"+province+"' size='3' maxlength='3'></p>");
            p.println ("<p>city: <input type='text' name='city' value='"+city+"' size='20' maxlength='20'></p>");
            p.println ("<p><input type='submit' value='update details' name='request' size='10'></p>");
            p.println ("</form>");
        }
        /*
        update account
        */
        else if (request.equals("update details")) {
            account = r1.getParameter ("account");
            password = r1.getParameter ("password");
            String firstname = r1.getParameter ("firstname");
            String lastname = r1.getParameter ("lastname");
            String address = r1.getParameter ("address");
            String province = r1.getParameter ("province");
            String city = r1.getParameter ("city");
            //update record in sql database
            p.println ("<h2>account details updated</h2>");
            //redirect user to their account page
        }
        p.println ("</p>");
        p.println ("</body>");
        p.println ("</html>");
    }
    public void doPost (HttpServletRequest r1, HttpServletResponse r2) throws ServletException, IOException {
        doGet (r1, r2);
    }
}
-
1.) Start by naming variables appropriately
Code:
public void doGet (HttpServletRequest request, HttpServletResponse response) ...
2.) Do not write html in servlets. Use JSPs for presenting the data.
3.) Where is res declared and initialized? Just write a separate class for the DB check and put in a method called userExists (or similar). Then all your servlet needs to do is call that method.
-
4) Do not write monster servlets. This is 4 different servlets squished into one, making it a maintenance (and reading) nightmare.
-
I will of course write separate methods to handle the DB checks and use JSP for the HTML after I get everything working properly.
The main problems I have at the moment are 1) how to use HttpSession in a servlet such as this, and 2) how to redirect users that have updated their record details to their account page that is currently presented to them only after they have logged in. I could force them to login again, but there must be a better way to do it.
-
When you verify that they exist in the database, create a new session for them and store their details in the session. You can now access them on every page.
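The session-based flow suggested above, as an added example that is not part of the original thread: the login servlet stores only the account name in a fresh session, and the update servlet takes the account from that session and redirects back to the account page instead of carrying credentials in hidden form fields. `AccountDao`, the attribute name, the `/account` and `/login` paths, and registration of the servlet instances via `ServletContext.addServlet` are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.*;

// Hypothetical DB helper, not from the thread; back it with PreparedStatement queries.
interface AccountDao {
    boolean authenticate(String account, String password);
    void updateDetails(String account, String firstname, String lastname,
                       String address, String province, String city);
}

class LoginServlet extends HttpServlet {
    static final String USER_ATTR = "account"; // assumed session attribute name
    private final AccountDao dao;
    LoginServlet(AccountDao dao) { this.dao = dao; }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String account = request.getParameter("account");
        String password = request.getParameter("password");
        if (account == null || password == null || !dao.authenticate(account, password)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Replace any pre-login session so its ID is not carried into the login.
        HttpSession old = request.getSession(false);
        if (old != null) old.invalidate();
        request.getSession(true).setAttribute(USER_ATTR, account); // identity only, no password
        response.sendRedirect(request.getContextPath() + "/account"); // assumed path
    }
}

class UpdateDetailsServlet extends HttpServlet {
    private final AccountDao dao;
    UpdateDetailsServlet(AccountDao dao) { this.dao = dao; }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        HttpSession session = request.getSession(false); // never create a session here
        Object account = (session == null) ? null : session.getAttribute(LoginServlet.USER_ATTR);
        if (account == null) { // not logged in: send to the login page (assumed path)
            response.sendRedirect(request.getContextPath() + "/login");
            return;
        }
        // The account to update comes from the session, not from a form field.
        dao.updateDetails((String) account, request.getParameter("firstname"),
                request.getParameter("lastname"), request.getParameter("address"),
                request.getParameter("province"), request.getParameter("city"));
        response.sendRedirect(request.getContextPath() + "/account"); // redirect after POST
    }
}
```

The page behind `/account` is assumed to look up the details for the account named in the session on each GET, so a refresh after the redirect does not resubmit the update.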
-
I'll try that, thanks.
Tolls: I originally had another servlet to handle the registration, but for some reason thought that squishing it all into one would be better. I guess I should split it up now.